Microsoft CVEs

CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
Published on: 2026-06-04 01:39:23
Link: View Details
Information published.

CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Published on: 2026-06-04 01:40:55
Link: View Details
Information published.

CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Published on: 2026-06-04 01:41:49
Link: View Details
Information published.

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-06-04 01:45:02
Link: View Details
Information published.

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-04 01:43:19
Link: View Details
Information published.

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-06-04 01:45:09
Link: View Details
Information published.

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-04 01:44:55
Link: View Details
Information published.

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-04 01:44:26
Link: View Details
Information published.

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-04 01:44:06
Link: View Details
Information published.

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-06-04 01:42:55
Link: View Details
Information published.

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-04 01:45:22
Link: View Details
Information published.

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Published on: 2026-06-04 01:45:29
Link: View Details
Information published.

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Published on: 2026-06-04 01:45:36
Link: View Details
Information published.

CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
Published on: 2026-06-04 01:42:06
Link: View Details
Information published.

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-04 01:43:47
Link: View Details
Information published.

CVE-2024-7598 Network restriction bypass via race condition during namespace termination
Published on: 2026-06-03 01:41:20
Link: View Details
Information published.

CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Published on: 2026-06-03 01:41:38
Link: View Details
Information published.

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Published on: 2026-06-03 01:42:45
Link: View Details
Information published.

CVE-2025-60876 BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Published on: 2026-06-03 01:44:50
Link: View Details
Information published.

CVE-2020-8561 Webhook redirect in kube-apiserver
Published on: 2026-06-03 01:02:13
Link: View Details
Information published.

CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack
Published on: 2026-06-03 01:02:08
Link: View Details
Information published.

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Published on: 2026-06-03 01:45:16
Link: View Details
Information published.

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Published on: 2026-06-03 01:45:23
Link: View Details
Information published.

CVE-2025-5791 Users: `root` appended to group listings
Published on: 2026-06-03 01:42:36
Link: View Details
Information published.

CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
Published on: 2026-06-03 01:44:47
Link: View Details
Information published.

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-06-03 01:45:45
Link: View Details
Information published.

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Published on: 2026-06-03 01:44:06
Link: View Details
Information published.

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Published on: 2026-06-03 01:43:44
Link: View Details
Information published.

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Published on: 2026-06-03 01:44:18
Link: View Details
Information published.

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Published on: 2026-06-03 01:43:51
Link: View Details
Information published.

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Published on: 2026-06-03 01:43:59
Link: View Details
Information published.

CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Published on: 2026-06-03 01:42:07
Link: View Details
Information published.

CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Published on: 2026-06-03 01:41:47
Link: View Details
Information published.

CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Published on: 2026-06-03 01:41:57
Link: View Details
Information published.

CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Published on: 2026-06-03 01:42:12
Link: View Details
Information published.

CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
Published on: 2026-06-03 01:39:48
Link: View Details
Information published.

CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Published on: 2026-06-03 01:42:44
Link: View Details
Information published.

CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Published on: 2026-06-03 01:39:34
Link: View Details
Information published.

CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Published on: 2026-06-03 01:42:29
Link: View Details
Information published.

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Published on: 2026-06-03 01:42:20
Link: View Details
Information published.

CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
Published on: 2026-06-03 01:40:45
Link: View Details
Information published.

CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak
Published on: 2026-06-03 01:40:55
Link: View Details
Information published.

CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
Published on: 2026-06-03 01:41:06
Link: View Details
Information published.

CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
Published on: 2026-06-03 01:40:34
Link: View Details
Information published.

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-06-03 01:47:52
Link: View Details
Information published.

CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Published on: 2026-06-03 01:49:33
Link: View Details
Information published.

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Published on: 2026-06-03 01:48:03
Link: View Details
Information published.

CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Published on: 2026-06-03 01:49:41
Link: View Details
Information published.

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-06-03 01:40:02
Link: View Details
Information published.

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Published on: 2026-06-03 01:42:21
Link: View Details
Information published.

CVE-2026-41607 Apache Thrift: C++ JSON OOB read
Published on: 2026-06-03 01:42:36
Link: View Details
Information published.

CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.
Published on: 2026-06-03 01:43:10
Link: View Details
Information published.

CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Published on: 2026-06-03 01:43:26
Link: View Details
Information published.

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Published on: 2026-06-03 01:43:33
Link: View Details
Information published.

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-06-03 01:44:56
Link: View Details
Information published.

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-06-03 01:47:39
Link: View Details
Information published.

CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Published on: 2026-06-03 01:48:13
Link: View Details
Information published.

CVE-2026-32281 Inefficient policy validation in crypto/x509
Published on: 2026-06-03 01:49:08
Link: View Details
Information published.

CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Published on: 2026-06-03 01:48:23
Link: View Details
Information published.

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Published on: 2026-06-03 01:48:34
Link: View Details
Information published.

CVE-2026-32280 Unexpected work during chain building in crypto/x509
Published on: 2026-06-03 01:48:45
Link: View Details
Information published.

CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Published on: 2026-06-03 01:49:22
Link: View Details
Information published.

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Published on: 2026-06-03 01:48:57
Link: View Details
Information published.

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-06-03 01:39:41
Link: View Details
Information published.

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure
Published on: 2026-06-03 01:39:47
Link: View Details
Information published.

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Published on: 2026-06-03 01:39:54
Link: View Details
Information published.

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal
Published on: 2026-06-03 01:40:08
Link: View Details
Information published.

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow
Published on: 2026-06-03 01:40:16
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-06-03 01:40:29
Link: View Details
Information published.

CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Published on: 2026-06-03 01:41:19
Link: View Details
Information published.

CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path
Published on: 2026-06-03 01:41:27
Link: View Details
Information published.

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
Published on: 2026-06-03 01:41:33
Link: View Details
Information published.

CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
Published on: 2026-06-03 01:42:09
Link: View Details
Information published.

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow
Published on: 2026-06-03 01:42:29
Link: View Details
Information published.

CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Published on: 2026-06-03 01:43:19
Link: View Details
Information published.

CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file
Published on: 2026-06-03 01:44:33
Link: View Details
Information published.

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Published on: 2026-06-03 01:45:04
Link: View Details
Information published.

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published on: 2026-06-03 01:45:43
Link: View Details
Information published.

CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Published on: 2026-06-03 01:45:51
Link: View Details
Information published.

CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.
Published on: 2026-06-03 01:40:11
Link: View Details
Information published.

CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
Published on: 2026-06-03 01:42:16
Link: View Details
Information published.

CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads
Published on: 2026-06-03 01:39:56
Link: View Details
Information published.

CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write
Published on: 2026-06-03 01:39:41
Link: View Details
Information published.

CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
Published on: 2026-06-03 01:45:56
Link: View Details
Information published.

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template
Published on: 2026-06-03 01:46:17
Link: View Details
Information published.

CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models
Published on: 2026-06-03 01:46:23
Link: View Details
Information published.

CVE-2026-3644 Incomplete control character validation in http.cookies
Published on: 2026-06-03 01:46:31
Link: View Details
Information published.

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Published on: 2026-06-03 01:43:43
Link: View Details
Information published.

CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
Published on: 2026-06-03 01:46:04
Link: View Details
Information published.

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
Published on: 2026-06-03 01:46:37
Link: View Details
Information published.

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Published on: 2026-06-03 01:47:31
Link: View Details
Information published.

CVE-2026-37457 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
Published on: 2026-06-03 01:45:17
Link: View Details
Information published.

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published on: 2026-06-03 01:50:26
Link: View Details
Information published.

CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
Published on: 2026-06-03 01:46:23
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-06-03 01:47:40
Link: View Details
Information published.

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-06-03 01:48:23
Link: View Details
Information published.

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Published on: 2026-06-03 01:49:28
Link: View Details
Information published.

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Published on: 2026-06-03 01:49:43
Link: View Details
Information published.

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Published on: 2026-06-03 01:49:50
Link: View Details
Information published.

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Published on: 2026-06-03 01:49:56
Link: View Details
Information published.

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Published on: 2026-06-03 01:50:03
Link: View Details
Information published.

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Published on: 2026-06-03 01:50:09
Link: View Details
Information published.

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Published on: 2026-06-03 01:50:18
Link: View Details
Information published.

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`
Published on: 2026-06-03 01:50:33
Link: View Details
Information published.

CVE-2026-4873 connection reuse ignores TLS requirement
Published on: 2026-06-03 01:50:45
Link: View Details
Information published.

CVE-2026-6429 netrc credential leak with reused proxy connection
Published on: 2026-06-03 01:50:51
Link: View Details
Information published.

CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Published on: 2026-06-03 01:50:57
Link: View Details
Information published.

CVE-2026-6253 proxy credentials leak over redirect-to proxy
Published on: 2026-06-03 01:39:53
Link: View Details
Information published.

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Published on: 2026-06-03 01:40:11
Link: View Details
Information published.

CVE-2026-4893 CVE-2026-4893
Published on: 2026-06-03 01:40:28
Link: View Details
Information published.

CVE-2026-2291 CVE-2026-2291
Published on: 2026-06-03 01:40:36
Link: View Details
Information published.

CVE-2026-5172 CVE-2026-5172
Published on: 2026-06-03 01:40:44
Link: View Details
Information published.

CVE-2026-4890 CVE-2026-4890
Published on: 2026-06-03 01:40:53
Link: View Details
Information published.

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Published on: 2026-06-03 01:41:11
Link: View Details
Information published.

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published on: 2026-06-03 01:41:18
Link: View Details
Information published.

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Published on: 2026-06-03 01:41:27
Link: View Details
Information published.

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Published on: 2026-06-03 01:42:37
Link: View Details
Information published.

CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Published on: 2026-06-03 01:42:52
Link: View Details
Information published.

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-06-03 01:48:48
Link: View Details
Information published.

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-03 01:44:03
Link: View Details
Information published.

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-06-03 01:49:01
Link: View Details
Information published.

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-03 01:46:33
Link: View Details
Information published.

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:48:34
Link: View Details
Information published.

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:48:10
Link: View Details
Information published.

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:48:22
Link: View Details
Information published.

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:45:53
Link: View Details
Information published.

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:45:24
Link: View Details
Information published.

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:49:14
Link: View Details
Information published.

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-06-03 01:43:11
Link: View Details
Information published.

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-03 01:46:49
Link: View Details
Information published.

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-06-03 01:47:08
Link: View Details
Information published.

CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-06-03 01:49:46
Link: View Details
Information published.

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Published on: 2026-06-03 01:45:59
Link: View Details
Information published.

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Published on: 2026-06-03 01:46:07
Link: View Details
Information published.

CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Published on: 2026-06-03 01:46:14
Link: View Details
Information published.

CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-06-03 01:46:33
Link: View Details
Information published.

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-06-03 01:47:51
Link: View Details
Information published.

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-06-03 01:48:01
Link: View Details
Information published.

CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-06-03 01:48:12
Link: View Details
Information published.

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-06-03 01:48:34
Link: View Details
Information published.

CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-06-03 01:48:44
Link: View Details
Information published.

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-06-03 01:48:55
Link: View Details
Information published.

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-06-03 01:49:07
Link: View Details
Information published.

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-06-03 01:49:17
Link: View Details
Information published.

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Published on: 2026-06-03 01:49:36
Link: View Details
Information published.

CVE-2026-6276 stale custom cookie host causes cookie leak
Published on: 2026-06-03 01:50:39
Link: View Details
Information published.

CVE-2026-7168 cross-proxy Digest auth state leak
Published on: 2026-06-03 01:40:02
Link: View Details
Information published.

CVE-2026-4891 CVE-2026-4891
Published on: 2026-06-03 01:40:20
Link: View Details
Information published.

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Published on: 2026-06-03 01:41:01
Link: View Details
Information published.

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Published on: 2026-06-03 01:41:35
Link: View Details
Information published.

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Published on: 2026-06-03 01:41:43
Link: View Details
Information published.

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Published on: 2026-06-03 01:41:56
Link: View Details
Information published.

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Published on: 2026-06-03 01:42:04
Link: View Details
Information published.

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-06-03 01:47:58
Link: View Details
Information published.

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-03 01:44:53
Link: View Details
Information published.

CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Published on: 2026-06-03 01:49:24
Link: View Details
Information published.

CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-06-03 01:49:36
Link: View Details
Information published.

CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Published on: 2026-06-03 01:50:01
Link: View Details
Information published.

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Published on: 2026-06-03 01:50:08
Link: View Details
Information published.

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Published on: 2026-06-03 01:43:17
Link: View Details
Information published.

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Published on: 2026-06-03 01:44:39
Link: View Details
Information published.

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Published on: 2026-06-03 01:43:24
Link: View Details
Information published.

CVE-2026-40361 Microsoft Outlook and Word Remote Code Execution Vulnerability
Published on: 2026-06-02 07:00:00
Link: View Details
Updated CVE title. This is an informational change only.

CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Published on: 2026-06-02 01:47:58
Link: View Details
Information published.

CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Published on: 2026-06-02 01:46:51
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-06-02 01:47:02
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-06-02 01:48:29
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-06-02 01:48:14
Link: View Details
Information published.

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-06-02 01:44:10
Link: View Details
Information published.

CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Published on: 2026-06-02 01:43:58
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-06-02 01:46:56
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-06-02 01:47:32
Link: View Details
Information published.

CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Published on: 2026-06-02 01:47:47
Link: View Details
Information published.

CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Published on: 2026-06-02 01:48:03
Link: View Details
Information published.

CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Published on: 2026-06-02 01:46:41
Link: View Details
Information published.

CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-06-02 01:47:20
Link: View Details
Information published.

CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Published on: 2026-06-02 01:46:46
Link: View Details
Information published.

CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Published on: 2026-06-02 01:48:09
Link: View Details
Information published.

CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-06-02 01:47:42
Link: View Details
Information published.

CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Published on: 2026-06-02 01:47:07
Link: View Details
Information published.

CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Published on: 2026-06-02 01:48:19
Link: View Details
Information published.

CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function
Published on: 2026-06-02 01:48:24
Link: View Details
Information published.

CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Published on: 2026-06-02 01:40:32
Link: View Details
Information published.

CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Published on: 2026-06-02 01:42:25
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-06-02 01:47:52
Link: View Details
Information published.

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-06-02 01:47:26
Link: View Details
Information published.

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Published on: 2026-06-02 01:47:14
Link: View Details
Information published.

CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Published on: 2026-06-02 01:47:37
Link: View Details
Information published.

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Published on: 2026-06-02 01:44:29
Link: View Details
Information published.

CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Published on: 2026-06-02 01:44:52
Link: View Details
Information published.

CVE-2026-7568 Signed integer overflow in metaphone()
Published on: 2026-06-02 01:45:26
Link: View Details
Information published.

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Published on: 2026-06-02 01:40:26
Link: View Details
Information published.

CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Published on: 2026-06-02 01:40:34
Link: View Details
Information published.

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Published on: 2026-06-02 01:40:39
Link: View Details
Information published.

CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Published on: 2026-06-02 01:40:45
Link: View Details
Information published.

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-06-02 01:43:53
Link: View Details
Information published.

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Published on: 2026-06-02 01:40:51
Link: View Details
Information published.

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-06-02 01:42:25
Link: View Details
Information published.

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-06-02 01:43:47
Link: View Details
Information published.

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-06-02 01:43:33
Link: View Details
Information published.

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:42:56
Link: View Details
Information published.

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:43:02
Link: View Details
Information published.

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:42:16
Link: View Details
Information published.

CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:41:25
Link: View Details
Information published.

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:42:48
Link: View Details
Information published.

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:43:11
Link: View Details
Information published.

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:43:16
Link: View Details
Information published.

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:41:48
Link: View Details
Information published.

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-06-02 01:42:30
Link: View Details
Information published.

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Published on: 2026-06-02 01:41:43
Link: View Details
Information published.

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-06-02 01:43:39
Link: View Details
Information published.

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Published on: 2026-06-02 01:42:36
Link: View Details
Information published.

CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Published on: 2026-06-02 01:43:59
Link: View Details
Information published.

CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Published on: 2026-06-02 01:44:12
Link: View Details
Information published.

CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Published on: 2026-06-02 01:44:20
Link: View Details
Information published.

CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Published on: 2026-06-02 01:44:27
Link: View Details
Information published.

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Published on: 2026-06-02 01:44:53
Link: View Details
Information published.

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-06-02 01:46:22
Link: View Details
Information published.

CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Published on: 2026-06-02 01:45:32
Link: View Details
Information published.

CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Published on: 2026-06-02 01:45:43
Link: View Details
Information published.

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Published on: 2026-06-02 01:45:48
Link: View Details
Information published.

CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Published on: 2026-06-02 01:45:58
Link: View Details
Information published.

CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain
Published on: 2026-06-02 01:01:14
Link: View Details
Information published.

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Published on: 2026-06-02 01:01:20
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-06-02 01:44:22
Link: View Details
Information published.

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Published on: 2026-06-02 01:44:57
Link: View Details
Information published.

CVE-2026-6722 Use-After-Free in SOAP using Apache map
Published on: 2026-06-02 01:45:03
Link: View Details
Information published.

CVE-2026-6735 XSS within PHP-FPM status endpoint
Published on: 2026-06-02 01:45:08
Link: View Details
Information published.

CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
Published on: 2026-06-02 01:45:14
Link: View Details
Information published.

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Published on: 2026-06-02 01:45:20
Link: View Details
Information published.

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Published on: 2026-06-02 01:45:31
Link: View Details
Information published.

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-06-02 01:42:02
Link: View Details
Information published.

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-06-02 01:43:25
Link: View Details
Information published.

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Published on: 2026-06-02 01:42:42
Link: View Details
Information published.

CVE-2026-44898 Mistune TOC Anchor Injection XSS
Published on: 2026-06-02 01:44:33
Link: View Details
Information published.

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Published on: 2026-06-02 01:44:44
Link: View Details
Information published.

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Published on: 2026-06-02 01:45:21
Link: View Details
Information published.

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Published on: 2026-06-02 01:45:27
Link: View Details
Information published.

CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Published on: 2026-06-02 01:45:38
Link: View Details
Information published.

CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Published on: 2026-06-02 01:44:58
Link: View Details
Information published.

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Published on: 2026-06-02 01:45:04
Link: View Details
Information published.

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Published on: 2026-06-02 01:45:10
Link: View Details
Information published.

CVE-2026-46184 sound: ua101: fix division by zero at probe
Published on: 2026-06-02 01:45:15
Link: View Details
Information published.

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Published on: 2026-06-02 01:46:04
Link: View Details
Information published.

CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Published on: 2026-06-02 01:46:29
Link: View Details
Information published.

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Published on: 2026-06-02 01:48:35
Link: View Details
Information published.

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Published on: 2026-06-02 01:48:40
Link: View Details
Information published.

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward
Published on: 2026-06-02 01:01:25
Link: View Details
Information published.

CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2026-06-01 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-06-01 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-06-01 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.

CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
Published on: 2026-06-01 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.

CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-06-01 07:00:00
Link: View Details
Added Visual Studio software to the Security Updates table. Customers that are running a supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-06-01 01:42:15
Link: View Details
Information published.

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-06-01 01:41:51
Link: View Details
Information published.

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-06-01 01:42:03
Link: View Details
Information published.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-05-31 01:41:09
Link: View Details
Information published.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-05-31 01:41:02
Link: View Details
Information published.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-05-31 01:40:55
Link: View Details
Information published.

CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Published on: 2026-05-31 01:03:56
Link: View Details
Information published.

CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
Published on: 2026-05-31 01:40:05
Link: View Details
Information published.

CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Published on: 2026-05-31 01:39:56
Link: View Details
Information published.

CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Published on: 2026-05-31 01:02:54
Link: View Details
Information published.

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Published on: 2026-05-31 01:03:05
Link: View Details
Information published.

CVE-2026-28387 Potential Use-after-free in DANE Client Code
Published on: 2026-05-31 01:04:27
Link: View Details
Information published.

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Published on: 2026-05-31 01:04:12
Link: View Details
Information published.

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Published on: 2026-05-31 01:02:59
Link: View Details
Information published.

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Published on: 2026-05-31 01:03:34
Link: View Details
Information published.

CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Published on: 2026-05-31 01:03:44
Link: View Details
Information published.

CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Published on: 2026-05-31 01:04:01
Link: View Details
Information published.

CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Published on: 2026-05-31 01:02:44
Link: View Details
Information published.

CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-05-31 01:03:22
Link: View Details
Information published.

CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Published on: 2026-05-31 01:02:49
Link: View Details
Information published.

CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Published on: 2026-05-31 01:04:07
Link: View Details
Information published.

CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-05-31 01:03:39
Link: View Details
Information published.

CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Published on: 2026-05-31 01:03:10
Link: View Details
Information published.

CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Published on: 2026-05-31 01:04:17
Link: View Details
Information published.

CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function
Published on: 2026-05-31 01:04:22
Link: View Details
Information published.

CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Published on: 2026-05-31 01:40:30
Link: View Details
Information published.

CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Published on: 2026-05-31 01:41:41
Link: View Details
Information published.

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Published on: 2026-05-31 01:03:50
Link: View Details
Information published.

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Published on: 2026-05-31 01:03:29
Link: View Details
Information published.

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Published on: 2026-05-31 01:03:16
Link: View Details
Information published.

CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Published on: 2026-05-31 01:01:15
Link: View Details
Information published.

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-05-31 01:01:48
Link: View Details
Information published.

CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Published on: 2026-05-31 01:01:32
Link: View Details
Information published.

CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Published on: 2026-05-31 01:01:59
Link: View Details
Information published.

CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Published on: 2026-05-31 01:02:22
Link: View Details
Information published.

CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
Published on: 2026-05-31 01:02:34
Link: View Details
Information published.

CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
Published on: 2026-05-31 01:02:40
Link: View Details
Information published.

CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Published on: 2026-05-31 01:04:34
Link: View Details
Information published.

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Published on: 2026-05-31 01:04:52
Link: View Details
Information published.

CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Published on: 2026-05-31 01:01:21
Link: View Details
Information published.

CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Published on: 2026-05-31 01:01:27
Link: View Details
Information published.

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Published on: 2026-05-31 01:01:54
Link: View Details
Information published.

CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
Published on: 2026-05-31 01:02:05
Link: View Details
Information published.

CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling
Published on: 2026-05-31 01:02:11
Link: View Details
Information published.

CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange
Published on: 2026-05-31 01:02:16
Link: View Details
Information published.

CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
Published on: 2026-05-31 01:02:29
Link: View Details
Information published.

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date
Published on: 2026-05-31 01:04:39
Link: View Details
Information published.

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
Published on: 2026-05-31 01:04:44
Link: View Details
Information published.

CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Published on: 2026-05-30 01:41:47
Link: View Details
Information published.

CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Published on: 2026-05-30 01:41:57
Link: View Details
Information published.

CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Published on: 2026-05-30 01:42:07
Link: View Details
Information published.

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Published on: 2026-05-30 01:42:18
Link: View Details
Information published.

CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Published on: 2026-05-30 01:42:23
Link: View Details
Information published.

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Published on: 2026-05-30 01:42:33
Link: View Details
Information published.

CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Published on: 2026-05-30 01:42:43
Link: View Details
Information published.

CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Published on: 2026-05-30 01:42:52
Link: View Details
Information published.

CVE-2026-46128 ipmi: Check event message buffer response for bad data
Published on: 2026-05-30 01:43:19
Link: View Details
Information published.

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Published on: 2026-05-30 01:43:38
Link: View Details
Information published.

CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Published on: 2026-05-30 01:43:59
Link: View Details
Information published.

CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Published on: 2026-05-30 01:44:04
Link: View Details
Information published.

CVE-2026-46107 dm-thin: fix metadata refcount underflow
Published on: 2026-05-30 01:44:14
Link: View Details
Information published.

CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Published on: 2026-05-30 01:44:19
Link: View Details
Information published.

CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Published on: 2026-05-30 01:44:30
Link: View Details
Information published.

CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Published on: 2026-05-30 01:44:35
Link: View Details
Information published.

CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Published on: 2026-05-30 01:44:39
Link: View Details
Information published.

CVE-2026-46177 ipmi: Add limits to event and receive message requests
Published on: 2026-05-30 01:44:50
Link: View Details
Information published.

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Published on: 2026-05-30 01:44:54
Link: View Details
Information published.

CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Published on: 2026-05-30 01:45:05
Link: View Details
Information published.

CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Published on: 2026-05-30 01:45:10
Link: View Details
Information published.

CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Published on: 2026-05-30 01:45:15
Link: View Details
Information published.

CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Published on: 2026-05-30 01:45:20
Link: View Details
Information published.

CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Published on: 2026-05-30 01:45:30
Link: View Details
Information published.

CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Published on: 2026-05-30 01:45:50
Link: View Details
Information published.

CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Published on: 2026-05-30 01:45:45
Link: View Details
Information published.

CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Published on: 2026-05-30 01:45:40
Link: View Details
Information published.

CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Published on: 2026-05-30 01:39:45
Link: View Details
Information published.

CVE-2026-46153 8021q: delete cleared egress QoS mappings
Published on: 2026-05-30 01:39:51
Link: View Details
Information published.

CVE-2026-46150 fanotify: fix false positive on permission events
Published on: 2026-05-30 01:46:05
Link: View Details
Information published.

CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Published on: 2026-05-30 01:46:00
Link: View Details
Information published.

CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Published on: 2026-05-30 01:40:01
Link: View Details
Information published.

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Published on: 2026-05-30 01:40:26
Link: View Details
Information published.

CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Published on: 2026-05-30 01:40:11
Link: View Details
Information published.

CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Published on: 2026-05-30 01:40:51
Link: View Details
Information published.

CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Published on: 2026-05-30 01:40:56
Link: View Details
Information published.

CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Published on: 2026-05-30 01:41:06
Link: View Details
Information published.

CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Published on: 2026-05-30 01:41:16
Link: View Details
Information published.

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Published on: 2026-05-30 01:41:36
Link: View Details
Information published.

CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Published on: 2026-05-30 01:41:42
Link: View Details
Information published.

CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Published on: 2026-05-30 01:41:52
Link: View Details
Information published.

CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Published on: 2026-05-30 01:42:02
Link: View Details
Information published.

CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Published on: 2026-05-30 01:42:13
Link: View Details
Information published.

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Published on: 2026-05-30 01:42:28
Link: View Details
Information published.

CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Published on: 2026-05-30 01:42:38
Link: View Details
Information published.

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Published on: 2026-05-30 01:42:47
Link: View Details
Information published.

CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Published on: 2026-05-30 01:42:59
Link: View Details
Information published.

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Published on: 2026-05-30 01:43:04
Link: View Details
Information published.

CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Published on: 2026-05-30 01:43:09
Link: View Details
Information published.

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Published on: 2026-05-30 01:43:14
Link: View Details
Information published.

CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Published on: 2026-05-30 01:43:24
Link: View Details
Information published.

CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Published on: 2026-05-30 01:43:29
Link: View Details
Information published.

CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Published on: 2026-05-30 01:43:34
Link: View Details
Information published.

CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Published on: 2026-05-30 01:43:43
Link: View Details
Information published.

CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Published on: 2026-05-30 01:43:48
Link: View Details
Information published.

CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Published on: 2026-05-30 01:43:53
Link: View Details
Information published.

CVE-2026-46234 vsock: fix buffer size clamping order
Published on: 2026-05-30 01:44:09
Link: View Details
Information published.

CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Published on: 2026-05-30 01:44:25
Link: View Details
Information published.

CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Published on: 2026-05-30 01:44:44
Link: View Details
Information published.

CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Published on: 2026-05-30 01:45:25
Link: View Details
Information published.

CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Published on: 2026-05-30 01:45:00
Link: View Details
Information published.

CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Published on: 2026-05-30 01:45:35
Link: View Details
Information published.

CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Published on: 2026-05-30 01:45:55
Link: View Details
Information published.

CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Published on: 2026-05-30 01:46:10
Link: View Details
Information published.

CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Published on: 2026-05-30 01:39:56
Link: View Details
Information published.

CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Published on: 2026-05-30 01:40:06
Link: View Details
Information published.

CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Published on: 2026-05-30 01:40:16
Link: View Details
Information published.

CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Published on: 2026-05-30 01:40:36
Link: View Details
Information published.

CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Published on: 2026-05-30 01:40:46
Link: View Details
Information published.

CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Published on: 2026-05-30 01:40:21
Link: View Details
Information published.

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Published on: 2026-05-30 01:40:41
Link: View Details
Information published.

CVE-2026-46142 net: libwx: fix VF illegal register access
Published on: 2026-05-30 01:41:01
Link: View Details
Information published.

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Published on: 2026-05-30 01:41:11
Link: View Details
Information published.

CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Published on: 2026-05-30 01:40:31
Link: View Details
Information published.

CVE-2026-46184 sound: ua101: fix division by zero at probe
Published on: 2026-05-30 01:41:21
Link: View Details
Information published.

CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Published on: 2026-05-30 01:41:31
Link: View Details
Information published.

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Published on: 2026-05-30 01:41:26
Link: View Details
Information published.

CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs
Published on: 2026-05-30 01:01:18
Link: View Details
Information published.

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.

CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-29 07:00:00
Link: View Details
Updated an acknowledgement. This is an informational change only.

CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Published on: 2026-05-29 01:42:20
Link: View Details
Information published.

CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Published on: 2026-05-29 01:42:31
Link: View Details
Information published.

CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Published on: 2026-05-29 01:42:39
Link: View Details
Information published.

CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Published on: 2026-05-29 01:42:47
Link: View Details
Information published.

CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Published on: 2026-05-29 01:43:02
Link: View Details
Information published.

CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Published on: 2026-05-29 01:43:13
Link: View Details
Information published.

CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Published on: 2026-05-29 01:43:18
Link: View Details
Information published.

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Published on: 2026-05-29 01:43:32
Link: View Details
Information published.

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Published on: 2026-05-29 01:43:40
Link: View Details
Information published.

CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Published on: 2026-05-29 01:43:48
Link: View Details
Information published.

CVE-2026-46053 net: rds: fix MR cleanup on copy error
Published on: 2026-05-29 01:44:03
Link: View Details
Information published.

CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Published on: 2026-05-29 01:52:47
Link: View Details
Information published.

CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Published on: 2026-05-29 01:52:52
Link: View Details
Information published.

CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Published on: 2026-05-29 01:44:16
Link: View Details
Information published.

CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Published on: 2026-05-29 01:44:29
Link: View Details
Information published.

CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Published on: 2026-05-29 01:44:35
Link: View Details
Information published.

CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Published on: 2026-05-29 01:44:46
Link: View Details
Information published.

CVE-2026-46017 mm: fix deferred split queue races during migration
Published on: 2026-05-29 01:53:01
Link: View Details
Information published.

CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Published on: 2026-05-29 01:53:18
Link: View Details
Information published.

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Published on: 2026-05-29 01:53:23
Link: View Details
Information published.

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Published on: 2026-05-29 01:53:28
Link: View Details
Information published.

CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Published on: 2026-05-29 01:53:33
Link: View Details
Information published.

CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Published on: 2026-05-29 01:53:13
Link: View Details
Information published.

CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Published on: 2026-05-29 01:53:42
Link: View Details
Information published.

CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Published on: 2026-05-29 01:53:49
Link: View Details
Information published.

CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Published on: 2026-05-29 01:54:03
Link: View Details
Information published.

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Published on: 2026-05-29 01:54:10
Link: View Details
Information published.

CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Published on: 2026-05-29 01:54:37
Link: View Details
Information published.

CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Published on: 2026-05-29 01:40:10
Link: View Details
Information published.

CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Published on: 2026-05-29 01:40:29
Link: View Details
Information published.

CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Published on: 2026-05-29 01:40:52
Link: View Details
Information published.

CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Published on: 2026-05-29 01:41:06
Link: View Details
Information published.

CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Published on: 2026-05-29 01:41:34
Link: View Details
Information published.

CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind
Published on: 2026-05-29 01:01:29
Link: View Details
Information published.

CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch
Published on: 2026-05-29 01:01:46
Link: View Details
Information published.

CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race
Published on: 2026-05-29 01:02:01
Link: View Details
Information published.

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
Published on: 2026-05-29 01:02:17
Link: View Details
Information published.

CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
Published on: 2026-05-29 01:02:25
Link: View Details
Information published.

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt
Published on: 2026-05-29 01:02:39
Link: View Details
Information published.

CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
Published on: 2026-05-29 01:02:55
Link: View Details
Information published.

CVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Published on: 2026-05-29 01:03:10
Link: View Details
Information published.

CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted
Published on: 2026-05-29 01:03:24
Link: View Details
Information published.

CVE-2026-46128 ipmi: Check event message buffer response for bad data
Published on: 2026-05-29 01:03:53
Link: View Details
Information published.

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Published on: 2026-05-29 01:04:11
Link: View Details
Information published.

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
Published on: 2026-05-29 01:04:23
Link: View Details
Information published.

CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
Published on: 2026-05-29 01:04:26
Link: View Details
Information published.

CVE-2026-46226 spi: fsl: fix controller deregistration
Published on: 2026-05-29 01:04:34
Link: View Details
Information published.

CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports
Published on: 2026-05-29 01:04:42
Link: View Details
Information published.

CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Published on: 2026-05-29 01:04:50
Link: View Details
Information published.

CVE-2026-46232 HID: playstation: Clamp num_touch_reports
Published on: 2026-05-29 01:04:52
Link: View Details
Information published.

CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
Published on: 2026-05-29 01:04:57
Link: View Details
Information published.

CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
Published on: 2026-05-29 01:04:59
Link: View Details
Information published.

CVE-2026-46107 dm-thin: fix metadata refcount underflow
Published on: 2026-05-29 01:05:13
Link: View Details
Information published.

CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
Published on: 2026-05-29 01:05:19
Link: View Details
Information published.

CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
Published on: 2026-05-29 01:05:21
Link: View Details
Information published.

CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown
Published on: 2026-05-29 01:05:27
Link: View Details
Information published.

CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
Published on: 2026-05-29 01:05:37
Link: View Details
Information published.

CVE-2026-46225 spi: rspi: fix controller deregistration
Published on: 2026-05-29 01:05:37
Link: View Details
Information published.

CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
Published on: 2026-05-29 01:05:44
Link: View Details
Information published.

CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path
Published on: 2026-05-29 01:05:44
Link: View Details
Information published.

CVE-2026-46235 media: saa7164: add ioremap return checks and cleanups
Published on: 2026-05-29 01:05:51
Link: View Details
Information published.

CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
Published on: 2026-05-29 01:05:51
Link: View Details
Information published.

CVE-2026-46177 ipmi: Add limits to event and receive message requests
Published on: 2026-05-29 01:06:06
Link: View Details
Information published.

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
Published on: 2026-05-29 01:06:07
Link: View Details
Information published.

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
Published on: 2026-05-29 01:06:14
Link: View Details
Information published.

CVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflow
Published on: 2026-05-29 01:06:14
Link: View Details
Information published.

CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
Published on: 2026-05-29 01:05:59
Link: View Details
Information published.

CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last
Published on: 2026-05-29 01:06:28
Link: View Details
Information published.

CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Published on: 2026-05-29 01:06:29
Link: View Details
Information published.

CVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
Published on: 2026-05-29 01:06:35
Link: View Details
Information published.

CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block
Published on: 2026-05-29 01:06:21
Link: View Details
Information published.

CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
Published on: 2026-05-29 01:06:43
Link: View Details
Information published.

CVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IV
Published on: 2026-05-29 01:06:59
Link: View Details
Information published.

CVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().
Published on: 2026-05-29 01:07:07
Link: View Details
Information published.

CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
Published on: 2026-05-29 01:06:50
Link: View Details
Information published.

CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
Published on: 2026-05-29 01:07:04
Link: View Details
Information published.

CVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
Published on: 2026-05-29 01:07:30
Link: View Details
Information published.

CVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
Published on: 2026-05-29 01:07:24
Link: View Details
Information published.

CVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx()
Published on: 2026-05-29 01:07:28
Link: View Details
Information published.

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
Published on: 2026-05-29 01:07:15
Link: View Details
Information published.

CVE-2026-46125 wifi: mac80211: remove station if connection prep fails
Published on: 2026-05-29 01:07:18
Link: View Details
Information published.

CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
Published on: 2026-05-29 01:07:33
Link: View Details
Information published.

CVE-2026-46153 8021q: delete cleared egress QoS mappings
Published on: 2026-05-29 01:07:40
Link: View Details
Information published.

CVE-2026-46150 fanotify: fix false positive on permission events
Published on: 2026-05-29 01:07:48
Link: View Details
Information published.

CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure
Published on: 2026-05-29 01:07:42
Link: View Details
Information published.

CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Published on: 2026-05-29 01:07:53
Link: View Details
Information published.

CVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardown
Published on: 2026-05-29 01:08:22
Link: View Details
Information published.

CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Published on: 2026-05-29 01:08:01
Link: View Details
Information published.

CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
Published on: 2026-05-29 01:08:05
Link: View Details
Information published.

CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Published on: 2026-05-29 01:08:13
Link: View Details
Information published.

CVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
Published on: 2026-05-29 01:08:50
Link: View Details
Information published.

CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
Published on: 2026-05-29 01:08:56
Link: View Details
Information published.

CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Published on: 2026-05-29 01:08:07
Link: View Details
Information published.

CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget
Published on: 2026-05-29 01:09:07
Link: View Details
Information published.

CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events
Published on: 2026-05-29 01:09:19
Link: View Details
Information published.

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Published on: 2026-05-29 01:09:41
Link: View Details
Information published.

CVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
Published on: 2026-05-29 01:09:46
Link: View Details
Information published.

CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Published on: 2026-05-29 01:43:26
Link: View Details
Information published.

CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Published on: 2026-05-29 01:44:40
Link: View Details
Information published.

CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Published on: 2026-05-29 01:44:52
Link: View Details
Information published.

CVE-2026-46089 zram: do not forget to endio for partial discard requests
Published on: 2026-05-29 01:45:00
Link: View Details
Information published.

CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Published on: 2026-05-29 01:53:06
Link: View Details
Information published.

CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Published on: 2026-05-29 01:54:25
Link: View Details
Information published.

CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Published on: 2026-05-29 01:54:20
Link: View Details
Information published.

CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Published on: 2026-05-29 01:40:16
Link: View Details
Information published.

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Published on: 2026-05-29 01:40:44
Link: View Details
Information published.

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Published on: 2026-05-29 01:41:00
Link: View Details
Information published.

CVE-2026-45993 LoongArch: Add spectre boundary for syscall dispatch table
Published on: 2026-05-29 01:41:19
Link: View Details
Information published.

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Published on: 2026-05-29 01:41:43
Link: View Details
Information published.

CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Published on: 2026-05-29 01:41:48
Link: View Details
Information published.

CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert
Published on: 2026-05-29 01:01:38
Link: View Details
Information published.

CVE-2026-46200 spi: mpc52xx: fix controller deregistration
Published on: 2026-05-29 01:01:53
Link: View Details
Information published.

CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
Published on: 2026-05-29 01:02:09
Link: View Details
Information published.

CVE-2026-46148 spi: microchip-core-qspi: control built-in cs manually
Published on: 2026-05-29 01:02:32
Link: View Details
Information published.

CVE-2026-46198 batman-adv: fix integer overflow on buff_pos
Published on: 2026-05-29 01:02:47
Link: View Details
Information published.

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
Published on: 2026-05-29 01:03:02
Link: View Details
Information published.

CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers
Published on: 2026-05-29 01:03:17
Link: View Details
Information published.

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback
Published on: 2026-05-29 01:03:31
Link: View Details
Information published.

CVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error paths
Published on: 2026-05-29 01:03:39
Link: View Details
Information published.

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Published on: 2026-05-29 01:03:46
Link: View Details
Information published.

CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
Published on: 2026-05-29 01:04:00
Link: View Details
Information published.

CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory
Published on: 2026-05-29 01:04:08
Link: View Details
Information published.

CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Published on: 2026-05-29 01:04:16
Link: View Details
Information published.

CVE-2026-46115 block: add pgmap check to biovec_phys_mergeable
Published on: 2026-05-29 01:04:19
Link: View Details
Information published.

CVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()
Published on: 2026-05-29 01:04:30
Link: View Details
Information published.

CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
Published on: 2026-05-29 01:04:38
Link: View Details
Information published.

CVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claims
Published on: 2026-05-29 01:04:45
Link: View Details
Information published.

CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs
Published on: 2026-05-29 01:05:04
Link: View Details
Information published.

CVE-2026-46234 vsock: fix buffer size clamping order
Published on: 2026-05-29 01:05:06
Link: View Details
Information published.

CVE-2026-46171 riscv: kvm: fix vector context allocation leak
Published on: 2026-05-29 01:05:11
Link: View Details
Information published.

CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams
Published on: 2026-05-29 01:05:27
Link: View Details
Information published.

CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
Published on: 2026-05-29 01:05:58
Link: View Details
Information published.

CVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
Published on: 2026-05-29 01:06:43
Link: View Details
Information published.

CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len
Published on: 2026-05-29 01:06:36
Link: View Details
Information published.

CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
Published on: 2026-05-29 01:06:57
Link: View Details
Information published.

CVE-2026-46129 btrfs: fix double free in create_space_info() error path
Published on: 2026-05-29 01:06:21
Link: View Details
Information published.

CVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_value
Published on: 2026-05-29 01:06:51
Link: View Details
Information published.

CVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
Published on: 2026-05-29 01:07:12
Link: View Details
Information published.

CVE-2026-46233 batman-adv: bla: only purge non-released claims
Published on: 2026-05-29 01:07:22
Link: View Details
Information published.

CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
Published on: 2026-05-29 01:07:36
Link: View Details
Information published.

CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
Published on: 2026-05-29 01:07:55
Link: View Details
Information published.

CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop
Published on: 2026-05-29 01:07:46
Link: View Details
Information published.

CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Published on: 2026-05-29 01:07:59
Link: View Details
Information published.

CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
Published on: 2026-05-29 01:08:10
Link: View Details
Information published.

CVE-2026-46206 batman-adv: reject new tp_meter sessions during teardown
Published on: 2026-05-29 01:08:33
Link: View Details
Information published.

CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)
Published on: 2026-05-29 01:08:44
Link: View Details
Information published.

CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing
Published on: 2026-05-29 01:08:16
Link: View Details
Information published.

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
Published on: 2026-05-29 01:08:39
Link: View Details
Information published.

CVE-2026-46142 net: libwx: fix VF illegal register access
Published on: 2026-05-29 01:09:01
Link: View Details
Information published.

CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
Published on: 2026-05-29 01:09:12
Link: View Details
Information published.

CVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Published on: 2026-05-29 01:08:27
Link: View Details
Information published.

CVE-2026-46184 sound: ua101: fix division by zero at probe
Published on: 2026-05-29 01:09:24
Link: View Details
Information published.

CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
Published on: 2026-05-29 01:09:35
Link: View Details
Information published.

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks
Published on: 2026-05-29 01:09:30
Link: View Details
Information published.

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-05-28 01:43:35
Link: View Details
Information published.

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-05-28 01:47:14
Link: View Details
Information published.

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-05-28 01:44:45
Link: View Details
Information published.

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:47:36
Link: View Details
Information published.

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:45:34
Link: View Details
Information published.

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:46:11
Link: View Details
Information published.

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-05-28 01:46:42
Link: View Details
Information published.

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-05-28 01:47:27
Link: View Details
Information published.

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Published on: 2026-05-28 01:47:41
Link: View Details
Information published.

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Published on: 2026-05-28 01:47:46
Link: View Details
Information published.

CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-05-28 01:48:11
Link: View Details
Information published.

CVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requests
Published on: 2026-05-28 01:01:27
Link: View Details
Information published.

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
Published on: 2026-05-28 01:01:40
Link: View Details
Information published.

CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
Published on: 2026-05-28 01:01:58
Link: View Details
Information published.

CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down
Published on: 2026-05-28 01:02:04
Link: View Details
Information published.

CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
Published on: 2026-05-28 01:02:11
Link: View Details
Information published.

CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check
Published on: 2026-05-28 01:02:23
Link: View Details
Information published.

CVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()
Published on: 2026-05-28 01:02:35
Link: View Details
Information published.

CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised
Published on: 2026-05-28 01:02:41
Link: View Details
Information published.

CVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issues
Published on: 2026-05-28 01:02:53
Link: View Details
Information published.

CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers
Published on: 2026-05-28 01:03:06
Link: View Details
Information published.

CVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroy
Published on: 2026-05-28 01:03:12
Link: View Details
Information published.

CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()
Published on: 2026-05-28 01:03:18
Link: View Details
Information published.

CVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handling
Published on: 2026-05-28 01:03:24
Link: View Details
Information published.

CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
Published on: 2026-05-28 01:03:36
Link: View Details
Information published.

CVE-2026-46004 ALSA: caiaq: Handle probe errors properly
Published on: 2026-05-28 01:03:42
Link: View Details
Information published.

CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path
Published on: 2026-05-28 01:03:53
Link: View Details
Information published.

CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion
Published on: 2026-05-28 01:04:04
Link: View Details
Information published.

CVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entry
Published on: 2026-05-28 01:04:10
Link: View Details
Information published.

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
Published on: 2026-05-28 01:04:29
Link: View Details
Information published.

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks
Published on: 2026-05-28 01:04:40
Link: View Details
Information published.

CVE-2026-45991 udf: fix partition descriptor append bookkeeping
Published on: 2026-05-28 01:04:53
Link: View Details
Information published.

CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg
Published on: 2026-05-28 01:04:59
Link: View Details
Information published.

CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
Published on: 2026-05-28 01:05:05
Link: View Details
Information published.

CVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()
Published on: 2026-05-28 01:05:17
Link: View Details
Information published.

CVE-2026-46053 net: rds: fix MR cleanup on copy error
Published on: 2026-05-28 01:05:23
Link: View Details
Information published.

CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
Published on: 2026-05-28 01:05:30
Link: View Details
Information published.

CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
Published on: 2026-05-28 01:05:43
Link: View Details
Information published.

CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
Published on: 2026-05-28 01:05:49
Link: View Details
Information published.

CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry
Published on: 2026-05-28 01:05:48
Link: View Details
Information published.

CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given
Published on: 2026-05-28 01:05:54
Link: View Details
Information published.

CVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
Published on: 2026-05-28 01:05:55
Link: View Details
Information published.

CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path
Published on: 2026-05-28 01:06:00
Link: View Details
Information published.

CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments
Published on: 2026-05-28 01:06:03
Link: View Details
Information published.

CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
Published on: 2026-05-28 01:06:07
Link: View Details
Information published.

CVE-2026-45940 net: stmmac: fix oops when split header is enabled
Published on: 2026-05-28 01:06:13
Link: View Details
Information published.

CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass
Published on: 2026-05-28 01:06:16
Link: View Details
Information published.

CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Published on: 2026-05-28 01:06:27
Link: View Details
Information published.

CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory
Published on: 2026-05-28 01:06:31
Link: View Details
Information published.

CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters
Published on: 2026-05-28 01:06:46
Link: View Details
Information published.

CVE-2026-46017 mm: fix deferred split queue races during migration
Published on: 2026-05-28 01:06:52
Link: View Details
Information published.

CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock
Published on: 2026-05-28 01:06:49
Link: View Details
Information published.

CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
Published on: 2026-05-28 01:07:02
Link: View Details
Information published.

CVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()
Published on: 2026-05-28 01:07:18
Link: View Details
Information published.

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Published on: 2026-05-28 01:07:24
Link: View Details
Information published.

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()
Published on: 2026-05-28 01:07:25
Link: View Details
Information published.

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories
Published on: 2026-05-28 01:07:30
Link: View Details
Information published.

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks
Published on: 2026-05-28 01:07:31
Link: View Details
Information published.

CVE-2026-46052 ceph: only d_add() negative dentries when they are unhashed
Published on: 2026-05-28 01:07:37
Link: View Details
Information published.

CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
Published on: 2026-05-28 01:07:12
Link: View Details
Information published.

CVE-2026-46070 md/raid5: validate payload size before accessing journal metadata
Published on: 2026-05-28 01:07:42
Link: View Details
Information published.

CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
Published on: 2026-05-28 01:07:54
Link: View Details
Information published.

CVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checks
Published on: 2026-05-28 01:08:00
Link: View Details
Information published.

CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
Published on: 2026-05-28 01:08:06
Link: View Details
Information published.

CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Published on: 2026-05-28 01:08:39
Link: View Details
Information published.

CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
Published on: 2026-05-28 01:09:02
Link: View Details
Information published.

CVE-2026-46101 netfilter: reject zero shift in nft_bitwise
Published on: 2026-05-28 01:09:29
Link: View Details
Information published.

CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs
Published on: 2026-05-28 01:09:40
Link: View Details
Information published.

CVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dump
Published on: 2026-05-28 01:09:34
Link: View Details
Information published.

CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers
Published on: 2026-05-28 01:09:46
Link: View Details
Information published.

CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
Published on: 2026-05-28 01:09:51
Link: View Details
Information published.

CVE-2026-46098 net: caif: clear client service pointer on teardown
Published on: 2026-05-28 01:09:57
Link: View Details
Information published.

CVE-2026-45861 gfs2: Fix slab-use-after-free in qd_put
Published on: 2026-05-28 01:10:08
Link: View Details
Information published.

CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction
Published on: 2026-05-28 01:10:19
Link: View Details
Information published.

CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn
Published on: 2026-05-28 01:10:24
Link: View Details
Information published.

CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
Published on: 2026-05-28 01:10:41
Link: View Details
Information published.

CVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
Published on: 2026-05-28 01:10:35
Link: View Details
Information published.

CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
Published on: 2026-05-28 01:10:53
Link: View Details
Information published.

CVE-2026-45843 slip: bound decode() reads against the compressed packet length
Published on: 2026-05-28 01:11:04
Link: View Details
Information published.

CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
Published on: 2026-05-28 01:11:21
Link: View Details
Information published.

CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove
Published on: 2026-05-28 01:11:32
Link: View Details
Information published.

CVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failure
Published on: 2026-05-28 01:11:26
Link: View Details
Information published.

CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
Published on: 2026-05-28 01:11:43
Link: View Details
Information published.

CVE-2026-45844 netfilter: arp_tables: fix IEEE1394 ARP payload parsing
Published on: 2026-05-28 01:11:49
Link: View Details
Information published.

CVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
Published on: 2026-05-28 01:11:54
Link: View Details
Information published.

CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
Published on: 2026-05-28 01:12:05
Link: View Details
Information published.

CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()
Published on: 2026-05-28 01:12:18
Link: View Details
Information published.

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered
Published on: 2026-05-28 01:12:23
Link: View Details
Information published.

CVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
Published on: 2026-05-28 01:12:29
Link: View Details
Information published.

CVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpi
Published on: 2026-05-28 01:12:34
Link: View Details
Information published.

CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
Published on: 2026-05-28 01:12:45
Link: View Details
Information published.

CVE-2026-46003 net: qrtr: ns: Limit the total number of nodes
Published on: 2026-05-28 01:12:51
Link: View Details
Information published.

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-05-28 01:42:33
Link: View Details
Information published.

CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-05-28 01:48:03
Link: View Details
Information published.

CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure
Published on: 2026-05-28 01:01:21
Link: View Details
Information published.

CVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
Published on: 2026-05-28 01:01:33
Link: View Details
Information published.

CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents
Published on: 2026-05-28 01:01:46
Link: View Details
Information published.

CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
Published on: 2026-05-28 01:01:51
Link: View Details
Information published.

CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Published on: 2026-05-28 01:02:17
Link: View Details
Information published.

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload
Published on: 2026-05-28 01:02:29
Link: View Details
Information published.

CVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key()
Published on: 2026-05-28 01:02:48
Link: View Details
Information published.

CVE-2026-45899 ext4: drop extent cache when splitting extent fails
Published on: 2026-05-28 01:02:59
Link: View Details
Information published.

CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
Published on: 2026-05-28 01:03:30
Link: View Details
Information published.

CVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIF
Published on: 2026-05-28 01:03:58
Link: View Details
Information published.

CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails
Published on: 2026-05-28 01:04:16
Link: View Details
Information published.

CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()
Published on: 2026-05-28 01:04:23
Link: View Details
Information published.

CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation
Published on: 2026-05-28 01:04:34
Link: View Details
Information published.

CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run
Published on: 2026-05-28 01:04:46
Link: View Details
Information published.

CVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handler
Published on: 2026-05-28 01:05:11
Link: View Details
Information published.

CVE-2026-45912 ext4: don't cache extent during splitting extent
Published on: 2026-05-28 01:05:36
Link: View Details
Information published.

CVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
Published on: 2026-05-28 01:05:42
Link: View Details
Information published.

CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive
Published on: 2026-05-28 01:06:08
Link: View Details
Information published.

CVE-2026-46091 media: rc: igorplugusb: heed coherency rules
Published on: 2026-05-28 01:06:20
Link: View Details
Information published.

CVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointer
Published on: 2026-05-28 01:06:37
Link: View Details
Information published.

CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
Published on: 2026-05-28 01:06:43
Link: View Details
Information published.

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Published on: 2026-05-28 01:06:40
Link: View Details
Information published.

CVE-2026-44898 Mistune TOC Anchor Injection XSS
Published on: 2026-05-28 01:06:34
Link: View Details
Information published.

CVE-2026-46089 zram: do not forget to endio for partial discard requests
Published on: 2026-05-28 01:06:56
Link: View Details
Information published.

CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation
Published on: 2026-05-28 01:06:59
Link: View Details
Information published.

CVE-2026-46046 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
Published on: 2026-05-28 01:07:05
Link: View Details
Information published.

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Published on: 2026-05-28 01:07:14
Link: View Details
Information published.

CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport
Published on: 2026-05-28 01:07:36
Link: View Details
Information published.

CVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()
Published on: 2026-05-28 01:07:48
Link: View Details
Information published.

CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
Published on: 2026-05-28 01:08:17
Link: View Details
Information published.

CVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packets
Published on: 2026-05-28 01:08:34
Link: View Details
Information published.

CVE-2026-45996 spi: imx: fix use-after-free on unbind
Published on: 2026-05-28 01:08:11
Link: View Details
Information published.

CVE-2026-45942 ext4: fix e4b bitmap inconsistency reports
Published on: 2026-05-28 01:08:22
Link: View Details
Information published.

CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
Published on: 2026-05-28 01:08:51
Link: View Details
Information published.

CVE-2026-46103 can: ucan: fix devres lifetime
Published on: 2026-05-28 01:08:28
Link: View Details
Information published.

CVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existence
Published on: 2026-05-28 01:08:56
Link: View Details
Information published.

CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array
Published on: 2026-05-28 01:09:07
Link: View Details
Information published.

CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition
Published on: 2026-05-28 01:09:12
Link: View Details
Information published.

CVE-2026-46044 ipmi:ssif: Clean up kthread on errors
Published on: 2026-05-28 01:09:24
Link: View Details
Information published.

CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()
Published on: 2026-05-28 01:09:18
Link: View Details
Information published.

CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails
Published on: 2026-05-28 01:10:02
Link: View Details
Information published.

CVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
Published on: 2026-05-28 01:10:13
Link: View Details
Information published.

CVE-2026-46083 spi: fix resource leaks on device setup failure
Published on: 2026-05-28 01:10:30
Link: View Details
Information published.

CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
Published on: 2026-05-28 01:10:46
Link: View Details
Information published.

CVE-2026-46015 tcp: call sk_data_ready() after listener migration
Published on: 2026-05-28 01:10:59
Link: View Details
Information published.

CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1
Published on: 2026-05-28 01:11:10
Link: View Details
Information published.

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
Published on: 2026-05-28 01:11:16
Link: View Details
Information published.

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop
Published on: 2026-05-28 01:11:37
Link: View Details
Information published.

CVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
Published on: 2026-05-28 01:12:00
Link: View Details
Information published.

CVE-2026-45993 LoongArch: Add spectre boundary for syscall dispatch table
Published on: 2026-05-28 01:12:12
Link: View Details
Information published.

CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups
Published on: 2026-05-28 01:12:40
Link: View Details
Information published.

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
Published on: 2026-05-28 01:12:56
Link: View Details
Information published.

CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Published on: 2026-05-28 01:13:02
Link: View Details
Information published.

CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Published on: 2026-05-27 01:40:43
Link: View Details
Information published.

CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Published on: 2026-05-27 01:42:56
Link: View Details
Information published.

CVE-2026-4893 CVE-2026-4893
Published on: 2026-05-27 01:39:54
Link: View Details
Information published.

CVE-2026-2291 CVE-2026-2291
Published on: 2026-05-27 01:40:02
Link: View Details
Information published.

CVE-2026-5172 CVE-2026-5172
Published on: 2026-05-27 01:40:10
Link: View Details
Information published.

CVE-2026-4890 CVE-2026-4890
Published on: 2026-05-27 01:40:17
Link: View Details
Information published.

CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers
Published on: 2026-05-27 01:01:26
Link: View Details
Information published.

CVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescing
Published on: 2026-05-27 01:01:32
Link: View Details
Information published.

CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing
Published on: 2026-05-27 01:01:38
Link: View Details
Information published.

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Published on: 2026-05-27 01:05:02
Link: View Details
Information published.

CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
Published on: 2026-05-27 01:08:22
Link: View Details
Information published.

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
Published on: 2026-05-27 01:09:30
Link: View Details
Information published.

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Published on: 2026-05-27 01:10:38
Link: View Details
Information published.

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Published on: 2026-05-27 01:11:48
Link: View Details
Information published.

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:12:24
Link: View Details
Information published.

CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:12:59
Link: View Details
Information published.

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:13:34
Link: View Details
Information published.

CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:14:09
Link: View Details
Information published.

CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:14:45
Link: View Details
Information published.

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:15:20
Link: View Details
Information published.

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:15:56
Link: View Details
Information published.

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:16:38
Link: View Details
Information published.

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
Published on: 2026-05-27 01:17:17
Link: View Details
Information published.

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
Published on: 2026-05-27 01:17:33
Link: View Details
Information published.

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
Published on: 2026-05-27 01:17:49
Link: View Details
Information published.

CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Published on: 2026-05-27 01:18:00
Link: View Details
Information published.

CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
Published on: 2026-05-27 01:18:07
Link: View Details
Information published.

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
Published on: 2026-05-27 01:18:12
Link: View Details
Information published.

CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability
Published on: 2026-05-27 01:18:17
Link: View Details
Information published.

CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Published on: 2026-05-27 01:18:22
Link: View Details
Information published.

CVE-2026-5222 Cargo can be coerced to share credentials between registries
Published on: 2026-05-27 01:18:44
Link: View Details
Information published.

CVE-2026-4891 CVE-2026-4891
Published on: 2026-05-27 01:39:47
Link: View Details
Information published.

CVE-2026-8711 NGINX JavaScript vulnerability
Published on: 2026-05-27 01:40:27
Link: View Details
Information published.

CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Published on: 2026-05-27 01:01:43
Link: View Details
Information published.

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Published on: 2026-05-27 01:03:52
Link: View Details
Information published.

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published on: 2026-05-27 01:06:09
Link: View Details
Information published.

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
Published on: 2026-05-27 01:16:55
Link: View Details
Information published.

CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
Published on: 2026-05-27 01:18:28
Link: View Details
Information published.

CVE-2026-5223 Crates in third party registries can override the cached source of other crates
Published on: 2026-05-27 01:18:36
Link: View Details
Information published.

CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
CWE added. Informational change only.

CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
CWE added. Informational change only.

CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
In the Security Updates table, added links to the Release Notes. This is an informational change only.

CVE-2026-45584 Microsoft Defender Remote Code Execution Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
In the Security Updates table, added links to the Release Notes. This is an informational change only.

CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability
Published on: 2026-05-26 07:00:00
Link: View Details
Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action.

CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
Published on: 2026-05-26 01:38:55
Link: View Details
Information published.

CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Published on: 2026-05-26 01:39:11
Link: View Details
Information published.

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Published on: 2026-05-26 01:39:03
Link: View Details
Information published.

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Published on: 2026-05-26 01:41:55
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-26 01:38:14
Link: View Details
Information published.

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Published on: 2026-05-26 01:38:25
Link: View Details
Information published.

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Published on: 2026-05-26 01:38:33
Link: View Details
Information published.

CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Published on: 2026-05-26 01:38:43
Link: View Details
Information published.

CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()
Published on: 2026-05-25 01:01:50
Link: View Details
Information published.

CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free
Published on: 2026-05-25 01:01:39
Link: View Details
Information published.

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
Published on: 2026-05-24 01:42:19
Link: View Details
Information published.

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Published on: 2026-05-23 01:42:33
Link: View Details
Information published.

CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
Published on: 2026-05-23 01:40:23
Link: View Details
Information published.

CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
Published on: 2026-05-23 01:40:43
Link: View Details
Information published.

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Published on: 2026-05-23 01:40:16
Link: View Details
Information published.

CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
Published on: 2026-05-23 01:39:39
Link: View Details
Information published.

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Published on: 2026-05-23 01:44:47
Link: View Details
Information published.

CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
Published on: 2026-05-23 01:44:35
Link: View Details
Information published.

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Published on: 2026-05-23 01:44:58
Link: View Details
Information published.

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Published on: 2026-05-23 01:38:14
Link: View Details
Information published.

CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Published on: 2026-05-23 01:38:23
Link: View Details
Information published.

CVE-2026-32792 Packet of death with DNSCrypt
Published on: 2026-05-23 01:39:08
Link: View Details
Information published.

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Published on: 2026-05-23 01:39:17
Link: View Details
Information published.

CVE-2026-42959 Crash during DNSSEC validation of malicious content
Published on: 2026-05-23 01:39:27
Link: View Details
Information published.

CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Published on: 2026-05-23 01:39:36
Link: View Details
Information published.

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Published on: 2026-05-23 01:39:45
Link: View Details
Information published.

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Published on: 2026-05-23 01:40:27
Link: View Details
Information published.

CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation
Published on: 2026-05-23 01:01:20
Link: View Details
Information published.

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records
Published on: 2026-05-23 01:01:26
Link: View Details
Information published.

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Published on: 2026-05-23 01:01:32
Link: View Details
Information published.

CVE-2026-5946 Invalid handling of CLASS != IN
Published on: 2026-05-23 01:01:39
Link: View Details
Information published.

CVE-2026-5950 Unbounded resend loop in BIND 9 resolver
Published on: 2026-05-23 01:01:51
Link: View Details
Information published.

CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
Published on: 2026-05-23 01:01:57
Link: View Details
Information published.

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
Published on: 2026-05-23 01:02:03
Link: View Details
Information published.

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Published on: 2026-05-23 01:02:15
Link: View Details
Information published.

CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
Published on: 2026-05-23 01:02:20
Link: View Details
Information published.

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Published on: 2026-05-23 01:38:32
Link: View Details
Information published.

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Published on: 2026-05-23 01:38:41
Link: View Details
Information published.

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Published on: 2026-05-23 01:38:58
Link: View Details
Information published.

CVE-2026-41292 Long list of incoming EDNS options degrades performance
Published on: 2026-05-23 01:39:54
Link: View Details
Information published.

CVE-2026-42534 Jostle logic bypass degrades resolution performance
Published on: 2026-05-23 01:40:05
Link: View Details
Information published.

CVE-2026-40622 Another 'ghost domain names' attack variant
Published on: 2026-05-23 01:40:18
Link: View Details
Information published.

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Published on: 2026-05-23 01:40:36
Link: View Details
Information published.

CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Published on: 2026-05-23 01:40:45
Link: View Details
Information published.

CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior
Published on: 2026-05-23 01:01:45
Link: View Details
Information published.

CVE-2026-8711 NGINX JavaScript vulnerability
Published on: 2026-05-23 01:02:09
Link: View Details
Information published.

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Published on: 2026-05-22 07:00:00
Link: View Details
The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should install the recommended updates to remain protected from this vulnerability.

CVE-2026-34336 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-05-22 07:00:00
Link: View Details
The security impact for this CVE has been revised based on a re-assessment of the vulnerability. The original classification of Information Disclosure (ID) has been updated to Elevation of Privilege (EoP).

CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize
Published on: 2026-05-22 01:38:18
Link: View Details
Information published.

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Published on: 2026-05-22 01:41:35
Link: View Details
Information published.

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Published on: 2026-05-22 01:44:36
Link: View Details
Information published.

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Published on: 2026-05-22 01:41:27
Link: View Details
Information published.

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Published on: 2026-05-22 01:41:35
Link: View Details
Information published.

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Published on: 2026-05-22 01:41:42
Link: View Details
Information published.

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Published on: 2026-05-22 01:41:50
Link: View Details
Information published.

CVE-2025-40158 ipv6: use RCU in ip6_output()
Published on: 2026-05-22 01:41:57
Link: View Details
Information published.

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Published on: 2026-05-22 01:42:05
Link: View Details
Information published.

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Published on: 2026-05-22 01:45:23
Link: View Details
Information published.

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Published on: 2026-05-22 01:45:31
Link: View Details
Information published.

CVE-2025-71072 shmem: fix recovery on rename failures
Published on: 2026-05-22 01:45:38
Link: View Details
Information published.

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Published on: 2026-05-22 01:46:01
Link: View Details
Information published.

CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification
Published on: 2026-05-22 01:46:17
Link: View Details
Information published.

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Published on: 2026-05-22 01:45:46
Link: View Details
Information published.

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Published on: 2026-05-22 01:45:53
Link: View Details
Information published.

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Published on: 2026-05-22 01:46:09
Link: View Details
Information published.

CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
Published on: 2026-05-22 01:46:24
Link: View Details
Information published.

CVE-2026-23225 sched/mmcid: Don't assume CID is CPU owned on mode switch
Published on: 2026-05-22 01:46:31
Link: View Details
Information published.

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Published on: 2026-05-22 01:47:20
Link: View Details
Information published.

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Published on: 2026-05-22 01:44:52
Link: View Details
Information published.

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Published on: 2026-05-22 01:45:06
Link: View Details
Information published.

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Published on: 2026-05-22 01:44:59
Link: View Details
Information published.

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Published on: 2026-05-22 01:43:31
Link: View Details
Information published.

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Published on: 2026-05-22 01:43:39
Link: View Details
Information published.

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Published on: 2026-05-22 01:43:46
Link: View Details
Information published.

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Published on: 2026-05-22 01:43:53
Link: View Details
Information published.

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Published on: 2026-05-22 01:44:12
Link: View Details
Information published.

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Published on: 2026-05-22 01:44:27
Link: View Details
Information published.

CVE-2025-68736 landlock: Fix handling of disconnected directories
Published on: 2026-05-22 01:44:43
Link: View Details
Information published.

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Published on: 2026-05-22 01:44:51
Link: View Details
Information published.

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Published on: 2026-05-22 01:43:08
Link: View Details
Information published.

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Published on: 2026-05-22 01:43:23
Link: View Details
Information published.

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Published on: 2026-05-22 01:44:04
Link: View Details
Information published.

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Published on: 2026-05-22 01:44:19
Link: View Details
Information published.

CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Published on: 2026-05-22 01:44:59
Link: View Details
Information published.

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Published on: 2026-05-22 01:45:10
Link: View Details
Information published.

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Published on: 2026-05-22 01:38:51
Link: View Details
Information published.

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Published on: 2026-05-22 01:46:23
Link: View Details
Information published.

CVE-2025-38636 rv: Use strings in da monitors tracepoints
Published on: 2026-05-22 01:46:31
Link: View Details
Information published.

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Published on: 2026-05-22 01:46:01
Link: View Details
Information published.

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Published on: 2026-05-22 01:46:08
Link: View Details
Information published.

CVE-2025-38584 padata: Fix pd UAF once and for all
Published on: 2026-05-22 01:46:16
Link: View Details
Information published.

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Published on: 2026-05-22 01:40:38
Link: View Details
Information published.

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Published on: 2026-05-22 01:38:10
Link: View Details
Information published.

CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
Published on: 2026-05-22 01:39:01
Link: View Details
Information published.

CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Published on: 2026-05-22 01:39:53
Link: View Details
Information published.

CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Published on: 2026-05-22 01:38:36
Link: View Details
Information published.

CVE-2025-39901 i40e: remove read access to debugfs files
Published on: 2026-05-22 01:38:44
Link: View Details
Information published.

CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Published on: 2026-05-22 01:38:53
Link: View Details
Information published.

CVE-2025-39940 dm-stripe: fix a possible integer overflow
Published on: 2026-05-22 01:39:10
Link: View Details
Information published.

CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto
Published on: 2026-05-22 01:39:22
Link: View Details
Information published.

CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work
Published on: 2026-05-22 01:39:31
Link: View Details
Information published.

CVE-2025-40074 ipv4: start using dst_dev_rcu()
Published on: 2026-05-22 01:39:44
Link: View Details
Information published.

CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Published on: 2026-05-22 01:40:03
Link: View Details
Information published.

CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Published on: 2026-05-22 01:40:11
Link: View Details
Information published.

CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Published on: 2026-05-22 01:40:21
Link: View Details
Information published.

CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
Published on: 2026-05-22 01:40:29
Link: View Details
Information published.

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Published on: 2026-05-22 01:41:42
Link: View Details
Information published.

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Published on: 2026-05-22 01:41:07
Link: View Details
Information published.

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Published on: 2026-05-22 01:40:47
Link: View Details
Information published.

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Published on: 2026-05-22 01:41:01
Link: View Details
Information published.

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Published on: 2026-05-22 01:45:21
Link: View Details
Information published.

CVE-2025-38264 nvme-tcp: sanitize request list handling
Published on: 2026-05-22 01:45:13
Link: View Details
Information published.

CVE-2025-38340 firmware: cs_dsp: Fix OOB memory read access in KUnit test
Published on: 2026-05-22 01:45:29
Link: View Details
Information published.

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Published on: 2026-05-22 01:45:38
Link: View Details
Information published.

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Published on: 2026-05-22 01:45:46
Link: View Details
Information published.

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Published on: 2026-05-22 01:43:33
Link: View Details
Information published.

CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Published on: 2026-05-22 01:44:44
Link: View Details
Information published.

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Published on: 2026-05-22 01:43:20
Link: View Details
Information published.

CVE-2024-41023 sched/deadline: Fix task_struct reference leak
Published on: 2026-05-22 01:39:30
Link: View Details
Information published.

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Published on: 2026-05-22 01:38:34
Link: View Details
Information published.

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Published on: 2026-05-22 01:41:49
Link: View Details
Information published.

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Published on: 2026-05-22 01:42:46
Link: View Details
Information published.

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Published on: 2026-05-22 01:40:00
Link: View Details
Information published.

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Published on: 2026-05-22 01:40:27
Link: View Details
Information published.

CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Published on: 2026-05-22 01:40:10
Link: View Details
Information published.

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Published on: 2026-05-22 01:39:00
Link: View Details
Information published.

CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Published on: 2026-05-22 01:40:18
Link: View Details
Information published.

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Published on: 2026-05-22 01:38:44
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-05-22 01:40:10
Link: View Details
Information published.

CVE-2026-31557 nvmet: move async event work off nvmet-wq
Published on: 2026-05-22 01:40:23
Link: View Details
Information published.

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Published on: 2026-05-22 01:40:32
Link: View Details
Information published.

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Published on: 2026-05-22 01:40:50
Link: View Details
Information published.

CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Published on: 2026-05-22 01:40:59
Link: View Details
Information published.

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Published on: 2026-05-22 01:41:23
Link: View Details
Information published.

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Published on: 2026-05-22 01:41:33
Link: View Details
Information published.

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Published on: 2026-05-22 01:42:29
Link: View Details
Information published.

CVE-2026-31487 spi: use generic driver_override infrastructure
Published on: 2026-05-22 01:39:00
Link: View Details
Information published.

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Published on: 2026-05-22 01:39:09
Link: View Details
Information published.

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Published on: 2026-05-22 01:39:18
Link: View Details
Information published.

CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Published on: 2026-05-22 01:39:27
Link: View Details
Information published.

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Published on: 2026-05-22 01:39:40
Link: View Details
Information published.

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Published on: 2026-05-22 01:39:49
Link: View Details
Information published.

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Published on: 2026-05-22 01:40:02
Link: View Details
Information published.

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Published on: 2026-05-22 01:40:41
Link: View Details
Information published.

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Published on: 2026-05-22 01:41:10
Link: View Details
Information published.

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Published on: 2026-05-22 01:41:50
Link: View Details
Information published.

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Published on: 2026-05-22 01:42:37
Link: View Details
Information published.

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Published on: 2026-05-22 01:44:29
Link: View Details
Information published.

CVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()
Published on: 2026-05-22 01:39:08
Link: View Details
Information published.

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Published on: 2026-05-22 01:43:07
Link: View Details
Information published.

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Published on: 2026-05-22 01:44:18
Link: View Details
Information published.

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Published on: 2026-05-22 01:42:10
Link: View Details
Information published.

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Published on: 2026-05-22 01:42:31
Link: View Details
Information published.

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Published on: 2026-05-22 01:42:38
Link: View Details
Information published.

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Published on: 2026-05-22 01:43:47
Link: View Details
Information published.

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Published on: 2026-05-22 01:43:55
Link: View Details
Information published.

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Published on: 2026-05-22 01:41:21
Link: View Details
Information published.

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Published on: 2026-05-22 01:43:40
Link: View Details
Information published.

CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Published on: 2026-05-22 01:41:12
Link: View Details
Information published.

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Published on: 2026-05-22 01:41:20
Link: View Details
Information published.

CVE-2026-23241 audit: add missing syscalls to read class
Published on: 2026-05-22 01:46:50
Link: View Details
Information published.

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Published on: 2026-05-22 01:47:28
Link: View Details
Information published.

CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Published on: 2026-05-22 01:47:34
Link: View Details
Information published.

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Published on: 2026-05-22 01:47:52
Link: View Details
Information published.

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Published on: 2026-05-22 01:47:58
Link: View Details
Information published.

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Published on: 2026-05-22 01:41:40
Link: View Details
Information published.

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Published on: 2026-05-22 01:46:41
Link: View Details
Information published.

CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap
Published on: 2026-05-22 01:46:58
Link: View Details
Information published.

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Published on: 2026-05-22 01:47:05
Link: View Details
Information published.

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Published on: 2026-05-22 01:47:44
Link: View Details
Information published.

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Published on: 2026-05-22 01:48:03
Link: View Details
Information published.

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message
Published on: 2026-05-22 01:38:24
Link: View Details
Information published.

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Published on: 2026-05-22 01:40:54
Link: View Details
Information published.

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Published on: 2026-05-22 01:40:45
Link: View Details
Information published.

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Published on: 2026-05-22 01:40:36
Link: View Details
Information published.

CVE-2024-26756 md: Don't register sync_thread for reshape directly
Published on: 2026-05-22 01:39:52
Link: View Details
Information published.

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Published on: 2026-05-22 01:39:21
Link: View Details
Information published.

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Published on: 2026-05-22 01:39:43
Link: View Details
Information published.

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Published on: 2026-05-22 01:42:43
Link: View Details
Information published.

CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Published on: 2026-05-22 01:43:04
Link: View Details
Information published.

CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Published on: 2026-05-22 01:43:18
Link: View Details
Information published.

CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Published on: 2026-05-22 01:43:25
Link: View Details
Information published.

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Published on: 2026-05-22 01:43:32
Link: View Details
Information published.

CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Published on: 2026-05-22 01:43:40
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-22 01:44:43
Link: View Details
Information published.

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Published on: 2026-05-22 01:44:52
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-22 01:44:59
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-22 01:45:13
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-22 01:45:44
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-22 01:46:04
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-22 01:46:14
Link: View Details
Information published.

CVE-2026-43331 x86/kexec: Disable KCOV instrumentation after load_segments()
Published on: 2026-05-22 01:47:50
Link: View Details
Information published.

CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Published on: 2026-05-22 01:47:57
Link: View Details
Information published.

CVE-2026-43303 mm/page_alloc: clear page->private in free_pages_prepare()
Published on: 2026-05-22 01:48:02
Link: View Details
Information published.

CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Published on: 2026-05-22 01:38:50
Link: View Details
Information published.

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Published on: 2026-05-22 01:38:59
Link: View Details
Information published.

CVE-2026-43490 ksmbd: validate inherited ACE SID length
Published on: 2026-05-22 01:39:24
Link: View Details
Information published.

CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Published on: 2026-05-22 01:39:49
Link: View Details
Information published.

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Published on: 2026-05-22 01:39:57
Link: View Details
Information published.

CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
Published on: 2026-05-22 01:01:28
Link: View Details
Information published.

CVE-2026-43499 rtmutex: Use waiter::task instead of current in remove_waiter()
Published on: 2026-05-22 01:01:34
Link: View Details
Information published.

CVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
Published on: 2026-05-22 01:01:44
Link: View Details
Information published.

CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued
Published on: 2026-05-22 01:01:50
Link: View Details
Information published.

CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
Published on: 2026-05-22 01:01:55
Link: View Details
Information published.

CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
Published on: 2026-05-22 01:02:01
Link: View Details
Information published.

CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Published on: 2026-05-22 01:42:54
Link: View Details
Information published.

CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Published on: 2026-05-22 01:43:11
Link: View Details
Information published.

CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Published on: 2026-05-22 01:43:46
Link: View Details
Information published.

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Published on: 2026-05-22 01:43:56
Link: View Details
Information published.

CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Published on: 2026-05-22 01:44:03
Link: View Details
Information published.

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Published on: 2026-05-22 01:44:30
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-22 01:44:36
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-22 01:45:06
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-22 01:45:27
Link: View Details
Information published.

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Published on: 2026-05-22 01:45:34
Link: View Details
Information published.

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Published on: 2026-05-22 01:45:51
Link: View Details
Information published.

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Published on: 2026-05-22 01:45:57
Link: View Details
Information published.

CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Published on: 2026-05-22 01:46:24
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-22 01:46:31
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-22 01:46:40
Link: View Details
Information published.

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Published on: 2026-05-22 01:46:48
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-22 01:46:58
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-22 01:47:05
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-22 01:47:13
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-22 01:47:20
Link: View Details
Information published.

CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Published on: 2026-05-22 01:47:27
Link: View Details
Information published.

CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Published on: 2026-05-22 01:47:34
Link: View Details
Information published.

CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Published on: 2026-05-22 01:47:44
Link: View Details
Information published.

CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Published on: 2026-05-22 01:48:13
Link: View Details
Information published.

CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Published on: 2026-05-22 01:39:40
Link: View Details
Information published.

CVE-2026-45736 ws: Uninitialized memory disclosure
Published on: 2026-05-22 01:40:55
Link: View Details
Information published.

CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ
Published on: 2026-05-22 01:01:22
Link: View Details
Information published.

CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
Published on: 2026-05-22 01:01:39
Link: View Details
Information published.

CVE-2026-43494 net/rds: reset op_nents when zerocopy page pin fails
Published on: 2026-05-22 01:02:07
Link: View Details
Information published.

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Published on: 2026-05-22 01:47:19
Link: View Details
Information published.

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Published on: 2026-05-22 01:47:30
Link: View Details
Information published.

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Published on: 2026-05-22 01:47:44
Link: View Details
Information published.

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Published on: 2026-05-22 01:38:21
Link: View Details
Information published.

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Published on: 2026-05-22 01:46:57
Link: View Details
Information published.

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Published on: 2026-05-22 01:47:04
Link: View Details
Information published.

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Published on: 2026-05-22 01:47:51
Link: View Details
Information published.

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Published on: 2026-05-22 01:38:06
Link: View Details
Information published.

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Published on: 2026-05-22 01:38:12
Link: View Details
Information published.

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Published on: 2026-05-22 01:43:16
Link: View Details
Information published.

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-05-21 07:00:00
Link: View Details
Fixed a typographical error. This is an information change only.

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-05-21 07:00:00
Link: View Details
Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Published on: 2026-05-21 01:39:26
Link: View Details
Information published.

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Published on: 2026-05-21 01:01:17
Link: View Details
Information published.

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Published on: 2026-05-21 01:01:23
Link: View Details
Information published.

CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Published on: 2026-05-21 01:01:28
Link: View Details
Information published.

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
Published on: 2026-05-21 01:01:53
Link: View Details
Information published.

CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Published on: 2026-05-21 01:01:59
Link: View Details
Information published.

CVE-2026-32792 Packet of death with DNSCrypt
Published on: 2026-05-21 01:02:10
Link: View Details
Information published.

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Published on: 2026-05-21 01:02:16
Link: View Details
Information published.

CVE-2026-42959 Crash during DNSSEC validation of malicious content
Published on: 2026-05-21 01:02:21
Link: View Details
Information published.

CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Published on: 2026-05-21 01:02:27
Link: View Details
Information published.

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Published on: 2026-05-21 01:02:32
Link: View Details
Information published.

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Published on: 2026-05-21 01:02:54
Link: View Details
Information published.

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Published on: 2026-05-21 01:03:11
Link: View Details
Information published.

CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Published on: 2026-05-21 01:03:23
Link: View Details
Information published.

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Published on: 2026-05-21 01:01:46
Link: View Details
Information published.

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Published on: 2026-05-21 01:01:34
Link: View Details
Information published.

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Published on: 2026-05-21 01:01:40
Link: View Details
Information published.

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Published on: 2026-05-21 01:02:04
Link: View Details
Information published.

CVE-2026-41292 Long list of incoming EDNS options degrades performance
Published on: 2026-05-21 01:02:38
Link: View Details
Information published.

CVE-2026-42534 Jostle logic bypass degrades resolution performance
Published on: 2026-05-21 01:02:43
Link: View Details
Information published.

CVE-2026-40622 Another 'ghost domain names' attack variant
Published on: 2026-05-21 01:02:49
Link: View Details
Information published.

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Published on: 2026-05-21 01:03:00
Link: View Details
Information published.

CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Published on: 2026-05-21 01:03:06
Link: View Details
Information published.

CVE-2026-45736 ws: Uninitialized memory disclosure
Published on: 2026-05-21 01:03:17
Link: View Details
Information published.

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-20 07:00:00
Link: View Details
Today's changes were made in error and have been reverted. This is an informational change only.

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-20 07:00:00
Link: View Details
The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers should continue to install the recommended updates to remain protected from this vulnerability.

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Published on: 2026-05-20 01:39:54
Link: View Details
Information published.

CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Published on: 2026-05-20 01:01:28
Link: View Details
Information published.

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Published on: 2026-05-20 01:01:33
Link: View Details
Information published.

CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Published on: 2026-05-20 01:40:07
Link: View Details
Information published.

CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Published on: 2026-05-20 01:01:22
Link: View Details
Information published.

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Published on: 2026-05-19 07:00:00
Link: View Details
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Published on: 2026-05-19 01:42:54
Link: View Details
Information published.

CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Published on: 2026-05-19 01:01:58
Link: View Details
Information published.

CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Published on: 2026-05-19 01:01:52
Link: View Details
Information published.

CVE-2025-0665 eventfd double close
Published on: 2026-05-19 01:01:31
Link: View Details
Information published.

CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Published on: 2026-05-19 01:43:29
Link: View Details
Information published.

CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Published on: 2026-05-19 01:39:01
Link: View Details
Information published.

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Published on: 2026-05-19 01:40:45
Link: View Details
Information published.

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Published on: 2026-05-19 01:40:53
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-05-19 01:39:29
Link: View Details
Information published.

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Published on: 2026-05-19 01:39:13
Link: View Details
Information published.

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Published on: 2026-05-19 01:40:12
Link: View Details
Information published.

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Published on: 2026-05-19 01:44:38
Link: View Details
Information published.

CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Published on: 2026-05-19 01:46:32
Link: View Details
Information published.

CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Published on: 2026-05-19 01:47:32
Link: View Details
Information published.

CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Published on: 2026-05-19 01:47:37
Link: View Details
Information published.

CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-05-19 01:47:43
Link: View Details
Information published.

CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Published on: 2026-05-19 01:47:48
Link: View Details
Information published.

CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Published on: 2026-05-19 01:47:54
Link: View Details
Information published.

CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Published on: 2026-05-19 01:48:00
Link: View Details
Information published.

CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
Published on: 2026-05-19 01:48:06
Link: View Details
Information published.

CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Published on: 2026-05-19 01:48:11
Link: View Details
Information published.

CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function
Published on: 2026-05-19 01:48:17
Link: View Details
Information published.

CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
Published on: 2026-05-19 01:48:22
Link: View Details
Information published.

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Published on: 2026-05-19 01:49:36
Link: View Details
Information published.

CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Published on: 2026-05-19 01:41:00
Link: View Details
Information published.

CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Published on: 2026-05-19 01:41:08
Link: View Details
Information published.

CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
Published on: 2026-05-19 01:41:59
Link: View Details
Information published.

CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
Published on: 2026-05-19 01:42:08
Link: View Details
Information published.

CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
Published on: 2026-05-19 01:42:17
Link: View Details
Information published.

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Published on: 2026-05-19 01:45:49
Link: View Details
Information published.

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Published on: 2026-05-19 01:46:01
Link: View Details
Information published.

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Published on: 2026-05-19 01:49:02
Link: View Details
Information published.

CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Published on: 2026-05-19 01:49:26
Link: View Details
Information published.

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Published on: 2026-05-19 01:38:58
Link: View Details
Information published.

CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Published on: 2026-05-19 01:39:13
Link: View Details
Information published.

CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Published on: 2026-05-19 01:39:20
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-19 01:43:03
Link: View Details
Information published.

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-05-19 01:44:27
Link: View Details
Information published.

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Published on: 2026-05-19 01:40:04
Link: View Details
Information published.

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Published on: 2026-05-19 01:40:10
Link: View Details
Information published.

CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Published on: 2026-05-19 01:40:24
Link: View Details
Information published.

CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Published on: 2026-05-19 01:45:29
Link: View Details
Information published.

CVE-2026-4873 connection reuse ignores TLS requirement
Published on: 2026-05-19 01:46:08
Link: View Details
Information published.

CVE-2026-6429 netrc credential leak with reused proxy connection
Published on: 2026-05-19 01:46:26
Link: View Details
Information published.

CVE-2026-5545 wrong reuse of HTTP Negotiate connection
Published on: 2026-05-19 01:01:47
Link: View Details
Information published.

CVE-2026-6253 proxy credentials leak over redirect-to proxy
Published on: 2026-05-19 01:46:47
Link: View Details
Information published.

CVE-2026-5773 wrong reuse of SMB connection
Published on: 2026-05-19 01:47:13
Link: View Details
Information published.

CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Published on: 2026-05-19 01:47:48
Link: View Details
Information published.

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published on: 2026-05-19 01:48:00
Link: View Details
Information published.

CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Published on: 2026-05-19 01:02:09
Link: View Details
Information published.

CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Published on: 2026-05-19 01:02:03
Link: View Details
Information published.

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Published on: 2026-05-19 01:49:22
Link: View Details
Information published.

CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Published on: 2026-05-19 01:41:16
Link: View Details
Information published.

CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Published on: 2026-05-19 01:41:24
Link: View Details
Information published.

CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Published on: 2026-05-19 01:41:31
Link: View Details
Information published.

CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Published on: 2026-05-19 01:41:45
Link: View Details
Information published.

CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Published on: 2026-05-19 01:41:52
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-05-19 01:44:45
Link: View Details
Information published.

CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings
Published on: 2026-05-19 01:42:25
Link: View Details
Information published.

CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Published on: 2026-05-19 01:45:24
Link: View Details
Information published.

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Published on: 2026-05-19 01:45:32
Link: View Details
Information published.

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Published on: 2026-05-19 01:45:38
Link: View Details
Information published.

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Published on: 2026-05-19 01:45:44
Link: View Details
Information published.

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Published on: 2026-05-19 01:45:55
Link: View Details
Information published.

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Published on: 2026-05-19 01:46:06
Link: View Details
Information published.

CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Published on: 2026-05-19 01:46:13
Link: View Details
Information published.

CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Published on: 2026-05-19 01:46:19
Link: View Details
Information published.

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Published on: 2026-05-19 01:48:33
Link: View Details
Information published.

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Published on: 2026-05-19 01:48:28
Link: View Details
Information published.

CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Published on: 2026-05-19 01:48:39
Link: View Details
Information published.

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Published on: 2026-05-19 01:48:45
Link: View Details
Information published.

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Published on: 2026-05-19 01:48:51
Link: View Details
Information published.

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Published on: 2026-05-19 01:48:57
Link: View Details
Information published.

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Published on: 2026-05-19 01:49:12
Link: View Details
Information published.

CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Published on: 2026-05-19 01:49:21
Link: View Details
Information published.

CVE-2026-43317 most: core: fix leak on early registration failure
Published on: 2026-05-19 01:38:48
Link: View Details
Information published.

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Published on: 2026-05-19 01:39:05
Link: View Details
Information published.

CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Published on: 2026-05-19 01:39:27
Link: View Details
Information published.

CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-05-19 01:45:11
Link: View Details
Information published.

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-05-19 01:45:22
Link: View Details
Information published.

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-05-19 01:44:42
Link: View Details
Information published.

CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-05-19 01:44:12
Link: View Details
Information published.

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-05-19 01:43:42
Link: View Details
Information published.

CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-05-19 01:43:57
Link: View Details
Information published.

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-05-19 01:43:14
Link: View Details
Information published.

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-05-19 01:43:28
Link: View Details
Information published.

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-05-19 01:44:56
Link: View Details
Information published.

CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Published on: 2026-05-19 01:39:48
Link: View Details
Information published.

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Published on: 2026-05-19 01:39:56
Link: View Details
Information published.

CVE-2026-6276 stale custom cookie host causes cookie leak
Published on: 2026-05-19 01:45:50
Link: View Details
Information published.

CVE-2026-7168 cross-proxy Digest auth state leak
Published on: 2026-05-19 01:47:06
Link: View Details
Information published.

CVE-2026-8295 Integer overflow in simdjson
Published on: 2026-05-19 01:47:21
Link: View Details
Information published.

CVE-2026-4892 CVE-2026-4892
Published on: 2026-05-19 01:47:37
Link: View Details
Information published.

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Published on: 2026-05-19 01:49:43
Link: View Details
Information published.

CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Published on: 2026-05-18 07:00:00
Link: View Details
The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for Android would need to install the update to be protected from this vulnerability, once the update becomes available.

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-05-18 07:00:00
Link: View Details
Updated FAQ information. This is an informational change only.

CVE-2026-42822 Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability
Published on: 2026-05-18 07:00:00
Link: View Details
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-18 07:00:00
Link: View Details
Updated the Security Updates table to remove incorrectly added software.

CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Published on: 2026-05-18 01:39:12
Link: View Details
Information published.

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published on: 2026-05-17 01:01:28
Link: View Details
Information published.

CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Published on: 2026-05-17 01:01:17
Link: View Details
Information published.

CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
Published on: 2026-05-17 01:01:23
Link: View Details
Information published.

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Published on: 2026-05-17 01:01:34
Link: View Details
Information published.

CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Published on: 2026-05-17 01:01:51
Link: View Details
Information published.

CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
Published on: 2026-05-16 01:03:48
Link: View Details
Information published.

CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel
Published on: 2026-05-16 01:03:55
Link: View Details
Information published.

CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
Published on: 2026-05-16 01:04:00
Link: View Details
Information published.

CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
Published on: 2026-05-16 01:04:06
Link: View Details
Information published.

CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection
Published on: 2026-05-16 01:04:28
Link: View Details
Information published.

CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
Published on: 2026-05-16 01:04:33
Link: View Details
Information published.

CVE-2026-40460 NGINX ngx_quic_module vulnerability
Published on: 2026-05-16 01:04:45
Link: View Details
Information published.

CVE-2026-42934 NGINX ngx_http_charset_module vulnerability
Published on: 2026-05-16 01:04:55
Link: View Details
Information published.

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
Published on: 2026-05-16 01:05:06
Link: View Details
Information published.

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Published on: 2026-05-16 01:05:37
Link: View Details
Information published.

CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Published on: 2026-05-16 01:05:12
Link: View Details
Information published.

CVE-2026-43490 ksmbd: validate inherited ACE SID length
Published on: 2026-05-16 01:05:47
Link: View Details
Information published.

CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
Published on: 2026-05-16 01:04:11
Link: View Details
Information published.

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory
Published on: 2026-05-16 01:04:17
Link: View Details
Information published.

CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
Published on: 2026-05-16 01:04:23
Link: View Details
Information published.

CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Published on: 2026-05-16 01:04:39
Link: View Details
Information published.

CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability
Published on: 2026-05-16 01:04:50
Link: View Details
Information published.

CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability
Published on: 2026-05-16 01:05:01
Link: View Details
Information published.

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Published on: 2026-05-16 01:05:42
Link: View Details
Information published.

CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
Published on: 2026-05-15 07:00:00
Link: View Details
Corrected CVE title. This is an informational change only.

CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Published on: 2026-05-15 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.

CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-05-15 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.

CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-05-15 07:00:00
Link: View Details
Updated Hotpatch links. This is an informational change only.

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-05-15 01:38:59
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-15 01:42:14
Link: View Details
Information published.

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Published on: 2026-05-15 01:01:21
Link: View Details
Information published.

CVE-2026-4893 CVE-2026-4893
Published on: 2026-05-15 01:01:39
Link: View Details
Information published.

CVE-2026-2291 CVE-2026-2291
Published on: 2026-05-15 01:01:44
Link: View Details
Information published.

CVE-2026-5172 CVE-2026-5172
Published on: 2026-05-15 01:01:50
Link: View Details
Information published.

CVE-2026-4890 CVE-2026-4890
Published on: 2026-05-15 01:02:01
Link: View Details
Information published.

CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling
Published on: 2026-05-15 01:02:12
Link: View Details
Information published.

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Published on: 2026-05-15 01:02:18
Link: View Details
Information published.

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
Published on: 2026-05-15 01:02:26
Link: View Details
Information published.

CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Published on: 2026-05-15 01:02:32
Link: View Details
Information published.

CVE-2026-8295 Integer overflow in simdjson
Published on: 2026-05-15 01:01:28
Link: View Details
Information published.

CVE-2026-4891 CVE-2026-4891
Published on: 2026-05-15 01:01:33
Link: View Details
Information published.

CVE-2026-4892 CVE-2026-4892
Published on: 2026-05-15 01:01:55
Link: View Details
Information published.

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username
Published on: 2026-05-15 01:02:06
Link: View Details
Information published.

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Published on: 2026-05-15 01:02:37
Link: View Details
Information published.

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
Published on: 2026-05-15 01:02:43
Link: View Details
Information published.

CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-14 07:00:00
Link: View Details
New .NET Framework Packages have been added

CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-14 07:00:00
Link: View Details
New .NET Framework Packages have been added

CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability
Published on: 2026-05-14 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-05-14 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve
Published on: 2026-05-14 01:42:37
Link: View Details
Information published.

CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-13 07:00:00
Link: View Details
Updated the fixed version number. This is an informational change only.

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-13 07:00:00
Link: View Details
Acknowledgement Updated

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-13 07:00:00
Link: View Details
Updated the fixed version number. This is an informational change only.

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published on: 2026-05-13 01:06:02
Link: View Details
Information published.

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Published on: 2026-05-13 01:05:57
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-13 01:03:48
Link: View Details
Information published.

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-05-13 01:04:59
Link: View Details
Information published.

CVE-2026-45186
Published on: 2026-05-13 01:03:56
Link: View Details
Information published.

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
Published on: 2026-05-13 01:01:25
Link: View Details
Information published.

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge
Published on: 2026-05-13 01:01:31
Link: View Details
Information published.

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
Published on: 2026-05-13 01:01:36
Link: View Details
Information published.

CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
Published on: 2026-05-13 01:01:42
Link: View Details
Information published.

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f
Published on: 2026-05-13 01:01:47
Link: View Details
Information published.

CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Published on: 2026-05-13 01:01:53
Link: View Details
Information published.

CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
Published on: 2026-05-13 01:01:58
Link: View Details
Information published.

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Published on: 2026-05-13 01:05:27
Link: View Details
Information published.

CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Published on: 2026-05-13 01:05:53
Link: View Details
Information published.

CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Published on: 2026-05-13 01:42:37
Link: View Details
Information published.

CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Published on: 2026-05-13 01:42:44
Link: View Details
Information published.

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Published on: 2026-05-13 01:42:50
Link: View Details
Information published.

CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Published on: 2026-05-13 01:42:57
Link: View Details
Information published.

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Published on: 2026-05-13 01:43:04
Link: View Details
Information published.

CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Published on: 2026-05-13 01:43:11
Link: View Details
Information published.

CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-05-13 01:05:35
Link: View Details
Information published.

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-05-13 01:05:46
Link: View Details
Information published.

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-05-13 01:05:10
Link: View Details
Information published.

CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-05-13 01:04:49
Link: View Details
Information published.

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-05-13 01:04:28
Link: View Details
Information published.

CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-05-13 01:04:38
Link: View Details
Information published.

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-05-13 01:04:07
Link: View Details
Information published.

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-05-13 01:04:17
Link: View Details
Information published.

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-05-13 01:05:20
Link: View Details
Information published.

CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
Published on: 2026-05-13 01:01:20
Link: View Details
Information published.

CVE-2026-35469 SpdyStream: DOS on CRI
Published on: 2026-05-13 01:40:49
Link: View Details
Information published.

CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Published on: 2026-05-13 01:40:12
Link: View Details
Information published.

CVE-2026-41636 Apache Thrift: Node.js skip() recursion
Published on: 2026-05-13 01:40:27
Link: View Details
Information published.

CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Published on: 2026-05-13 01:39:49
Link: View Details
Information published.

CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow
Published on: 2026-05-13 01:40:05
Link: View Details
Information published.

CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow
Published on: 2026-05-13 01:40:21
Link: View Details
Information published.

CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.

CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.

CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.

CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.

CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32175 .NET Core Tampering Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.

CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

ADV990001 Latest Servicing Stack Updates
Published on: 2026-05-12 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.

CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.

CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

CVE-2026-42832 Microsoft Office Spoofing Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
Published on: 2026-05-12 07:00:00
Link: View Details
This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: [AMD-SB-7052](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html)

CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability
Published on: 2026-05-12 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-05-12 07:00:00
Link: View Details


CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Published on: 2026-05-12 01:40:38
Link: View Details
Information published.

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Published on: 2026-05-12 01:40:31
Link: View Details
Information published.

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Published on: 2026-05-12 01:42:08
Link: View Details
Information published.

CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Published on: 2026-05-12 01:07:26
Link: View Details
Information published.

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Published on: 2026-05-11 07:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2026-32226 .NET Framework Denial of Service Vulnerability
Published on: 2026-05-11 07:00:00
Link: View Details
This CVE has been updated to include additional Security Updates for .NET Framework.

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Published on: 2026-05-11 01:41:16
Link: View Details
Information published.

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Published on: 2026-05-11 01:38:29
Link: View Details
Information published.

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Published on: 2026-05-11 01:45:00
Link: View Details
Information published.

CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
Published on: 2026-05-11 01:45:18
Link: View Details
Information published.

CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
Published on: 2026-05-11 01:39:32
Link: View Details
Information published.

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Published on: 2026-05-11 01:48:07
Link: View Details
Information published.

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Published on: 2026-05-11 01:48:16
Link: View Details
Information published.

CVE-2026-23214 btrfs: reject new transactions if the fs is fully read-only
Published on: 2026-05-11 01:46:46
Link: View Details
Information published.

CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
Published on: 2026-05-11 01:46:30
Link: View Details
Information published.

CVE-2025-71225 md: suspend array while updating raid_disks via sysfs
Published on: 2026-05-11 01:46:38
Link: View Details
Information published.

CVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channels
Published on: 2026-05-11 01:46:56
Link: View Details
Information published.

CVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handler
Published on: 2026-05-11 01:47:22
Link: View Details
Information published.

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_set().
Published on: 2026-05-11 01:42:15
Link: View Details
Information published.

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Published on: 2026-05-11 01:42:25
Link: View Details
Information published.

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Published on: 2026-05-11 01:42:33
Link: View Details
Information published.

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Published on: 2026-05-11 01:42:41
Link: View Details
Information published.

CVE-2025-40158 ipv6: use RCU in ip6_output()
Published on: 2026-05-11 01:42:50
Link: View Details
Information published.

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Published on: 2026-05-11 01:42:59
Link: View Details
Information published.

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Published on: 2026-05-11 01:43:54
Link: View Details
Information published.

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Published on: 2026-05-11 01:44:02
Link: View Details
Information published.

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Published on: 2026-05-11 01:44:11
Link: View Details
Information published.

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Published on: 2026-05-11 01:44:19
Link: View Details
Information published.

CVE-2025-68209 mlx5: Fix default values in create CQ
Published on: 2026-05-11 01:44:28
Link: View Details
Information published.

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side
Published on: 2026-05-11 01:44:45
Link: View Details
Information published.

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Published on: 2026-05-11 01:45:02
Link: View Details
Information published.

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
Published on: 2026-05-11 01:45:11
Link: View Details
Information published.

CVE-2025-68736 landlock: Fix handling of disconnected directories
Published on: 2026-05-11 01:45:20
Link: View Details
Information published.

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Published on: 2026-05-11 01:45:29
Link: View Details
Information published.

CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Published on: 2026-05-11 01:43:18
Link: View Details
Information published.

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Published on: 2026-05-11 01:43:26
Link: View Details
Information published.

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Published on: 2026-05-11 01:43:45
Link: View Details
Information published.

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Published on: 2026-05-11 01:44:37
Link: View Details
Information published.

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Published on: 2026-05-11 01:44:53
Link: View Details
Information published.

CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Published on: 2026-05-11 01:45:38
Link: View Details
Information published.

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Published on: 2026-05-11 01:45:47
Link: View Details
Information published.

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Published on: 2026-05-11 01:45:55
Link: View Details
Information published.

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Published on: 2026-05-11 01:48:34
Link: View Details
Information published.

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Published on: 2026-05-11 01:48:52
Link: View Details
Information published.

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Published on: 2026-05-11 01:48:43
Link: View Details
Information published.

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Published on: 2026-05-11 01:46:04
Link: View Details
Information published.

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Published on: 2026-05-11 01:46:13
Link: View Details
Information published.

CVE-2025-71072 shmem: fix recovery on rename failures
Published on: 2026-05-11 01:46:21
Link: View Details
Information published.

CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Published on: 2026-05-11 01:50:42
Link: View Details
Information published.

CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
Published on: 2026-05-11 01:49:58
Link: View Details
Information published.

CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
Published on: 2026-05-11 01:49:14
Link: View Details
Information published.

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Published on: 2026-05-11 01:42:20
Link: View Details
Information published.

CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
Published on: 2026-05-11 01:50:07
Link: View Details
Information published.

CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
Published on: 2026-05-11 01:44:08
Link: View Details
Information published.

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Published on: 2026-05-11 01:48:46
Link: View Details
Information published.

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Published on: 2026-05-11 01:50:52
Link: View Details
Information published.

CVE-2025-38636 rv: Use strings in da monitors tracepoints
Published on: 2026-05-11 01:51:01
Link: View Details
Information published.

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Published on: 2026-05-11 01:50:26
Link: View Details
Information published.

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Published on: 2026-05-11 01:43:09
Link: View Details
Information published.

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Published on: 2026-05-11 01:50:35
Link: View Details
Information published.

CVE-2025-38584 padata: Fix pd UAF once and for all
Published on: 2026-05-11 01:50:43
Link: View Details
Information published.

CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
Published on: 2026-05-11 01:50:33
Link: View Details
Information published.

CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Published on: 2026-05-11 01:38:29
Link: View Details
Information published.

CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
Published on: 2026-05-11 01:40:50
Link: View Details
Information published.

CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Published on: 2026-05-11 01:43:42
Link: View Details
Information published.

CVE-2024-49888 bpf: Fix a sdiv overflow issue
Published on: 2026-05-11 01:46:23
Link: View Details
Information published.

CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Published on: 2026-05-11 01:42:58
Link: View Details
Information published.

CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
Published on: 2026-05-11 01:46:41
Link: View Details
Information published.

CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
Published on: 2026-05-11 01:46:32
Link: View Details
Information published.

CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Published on: 2026-05-11 01:44:44
Link: View Details
Information published.

CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
Published on: 2026-05-11 01:46:50
Link: View Details
Information published.

CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Published on: 2026-05-11 01:45:20
Link: View Details
Information published.

CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Published on: 2026-05-11 01:45:29
Link: View Details
Information published.

CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Published on: 2026-05-11 01:44:53
Link: View Details
Information published.

CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
Published on: 2026-05-11 01:42:39
Link: View Details
Information published.

CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Published on: 2026-05-11 01:44:00
Link: View Details
Information published.

CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Published on: 2026-05-11 01:44:09
Link: View Details
Information published.

CVE-2024-49922 drm/amd/display: Check null pointers before using them
Published on: 2026-05-11 01:44:27
Link: View Details
Information published.

CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
Published on: 2026-05-11 01:42:49
Link: View Details
Information published.

CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Published on: 2026-05-11 01:45:38
Link: View Details
Information published.

CVE-2024-49921 drm/amd/display: Check null pointers before used
Published on: 2026-05-11 01:44:18
Link: View Details
Information published.

CVE-2024-38608 net/mlx5e: Fix netif state handling
Published on: 2026-05-11 01:40:07
Link: View Details
Information published.

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Published on: 2026-05-11 01:41:24
Link: View Details
Information published.

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Published on: 2026-05-11 01:38:02
Link: View Details
Information published.

CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Published on: 2026-05-11 01:42:21
Link: View Details
Information published.

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Published on: 2026-05-11 01:42:30
Link: View Details
Information published.

CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Published on: 2026-05-11 01:41:44
Link: View Details
Information published.

CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
Published on: 2026-05-11 01:41:53
Link: View Details
Information published.

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Published on: 2026-05-11 01:43:23
Link: View Details
Information published.

CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
Published on: 2026-05-11 01:47:49
Link: View Details
Information published.

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Published on: 2026-05-11 01:41:25
Link: View Details
Information published.

CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
Published on: 2026-05-11 01:41:52
Link: View Details
Information published.

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
Published on: 2026-05-11 01:40:42
Link: View Details
Information published.

CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
Published on: 2026-05-11 01:40:25
Link: View Details
Information published.

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Published on: 2026-05-11 01:44:42
Link: View Details
Information published.

CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Published on: 2026-05-11 01:45:36
Link: View Details
Information published.

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Published on: 2026-05-11 01:40:08
Link: View Details
Information published.

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Published on: 2026-05-11 01:40:16
Link: View Details
Information published.

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Published on: 2026-05-11 01:47:14
Link: View Details
Information published.

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Published on: 2026-05-11 01:41:32
Link: View Details
Information published.

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Published on: 2026-05-11 01:41:40
Link: View Details
Information published.

CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Published on: 2026-05-11 01:41:49
Link: View Details
Information published.

CVE-2025-22109 ax25: Remove broken autobind
Published on: 2026-05-11 01:41:08
Link: View Details
Information published.

CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Published on: 2026-05-11 01:47:03
Link: View Details
Information published.

CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
Published on: 2026-05-11 01:40:33
Link: View Details
Information published.

CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Published on: 2026-05-11 01:39:58
Link: View Details
Information published.

CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Published on: 2026-05-11 01:40:24
Link: View Details
Information published.

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Published on: 2026-05-11 01:40:41
Link: View Details
Information published.

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Published on: 2026-05-11 01:46:20
Link: View Details
Information published.

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Published on: 2026-05-11 01:49:23
Link: View Details
Information published.

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Published on: 2026-05-11 01:50:17
Link: View Details
Information published.

CVE-2025-38264 nvme-tcp: sanitize request list handling
Published on: 2026-05-11 01:49:15
Link: View Details
Information published.

CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Published on: 2026-05-11 01:49:33
Link: View Details
Information published.

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Published on: 2026-05-11 01:49:41
Link: View Details
Information published.

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Published on: 2026-05-11 01:49:50
Link: View Details
Information published.

CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
Published on: 2026-05-11 01:50:00
Link: View Details
Information published.

CVE-2025-38311 iavf: get rid of the crit lock
Published on: 2026-05-11 01:50:09
Link: View Details
Information published.

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Published on: 2026-05-11 01:49:06
Link: View Details
Information published.

CVE-2024-42107 ice: Don't process extts if PTP is disabled
Published on: 2026-05-11 01:50:24
Link: View Details
Information published.

CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Published on: 2026-05-11 01:38:37
Link: View Details
Information published.

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Published on: 2026-05-11 01:39:14
Link: View Details
Information published.

CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Published on: 2026-05-11 01:38:55
Link: View Details
Information published.

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Published on: 2026-05-11 01:41:00
Link: View Details
Information published.

CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Published on: 2026-05-11 01:48:38
Link: View Details
Information published.

CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Published on: 2026-05-11 01:48:25
Link: View Details
Information published.

CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
Published on: 2026-05-11 01:41:43
Link: View Details
Information published.

CVE-2024-42134 virtio-pci: Check if is_avq is NULL
Published on: 2026-05-11 01:48:56
Link: View Details
Information published.

CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
Published on: 2026-05-11 01:42:46
Link: View Details
Information published.

CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
Published on: 2026-05-11 01:42:55
Link: View Details
Information published.

CVE-2024-39478 crypto: starfive - Do not free stack buffer
Published on: 2026-05-11 01:43:32
Link: View Details
Information published.

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Published on: 2026-05-11 01:45:45
Link: View Details
Information published.

CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Published on: 2026-05-11 01:39:05
Link: View Details
Information published.

CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Published on: 2026-05-11 01:48:20
Link: View Details
Information published.

CVE-2024-53090 afs: Fix lock recursion
Published on: 2026-05-11 01:49:41
Link: View Details
Information published.

CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Published on: 2026-05-11 01:49:50
Link: View Details
Information published.

CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
Published on: 2026-05-11 01:48:29
Link: View Details
Information published.

CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
Published on: 2026-05-11 01:47:45
Link: View Details
Information published.

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Published on: 2026-05-11 01:47:00
Link: View Details
Information published.

CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Published on: 2026-05-11 01:38:08
Link: View Details
Information published.

CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
Published on: 2026-05-11 01:52:21
Link: View Details
Information published.

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Published on: 2026-05-11 01:41:34
Link: View Details
Information published.

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Published on: 2026-05-11 01:42:11
Link: View Details
Information published.

CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
Published on: 2026-05-11 01:43:14
Link: View Details
Information published.

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Published on: 2026-05-11 01:43:59
Link: View Details
Information published.

CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
Published on: 2026-05-11 01:44:33
Link: View Details
Information published.

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Published on: 2026-05-11 01:38:56
Link: View Details
Information published.

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Published on: 2026-05-11 01:39:23
Link: View Details
Information published.

CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
Published on: 2026-05-11 01:46:54
Link: View Details
Information published.

CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails
Published on: 2026-05-11 01:38:20
Link: View Details
Information published.

CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free
Published on: 2026-05-11 01:39:05
Link: View Details
Information published.

CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
Published on: 2026-05-11 01:51:27
Link: View Details
Information published.

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Published on: 2026-05-11 01:50:51
Link: View Details
Information published.

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Published on: 2026-05-11 01:44:16
Link: View Details
Information published.

CVE-2024-41932 sched: fix warning in sched_setaffinity
Published on: 2026-05-11 01:44:24
Link: View Details
Information published.

CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
Published on: 2026-05-11 01:45:09
Link: View Details
Information published.

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Published on: 2026-05-11 01:45:54
Link: View Details
Information published.

CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
Published on: 2026-05-11 01:52:36
Link: View Details
Information published.

CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Published on: 2026-05-11 01:51:35
Link: View Details
Information published.

CVE-2025-21634 cgroup/cpuset: remove kernfs active break
Published on: 2026-05-11 01:52:01
Link: View Details
Information published.

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
Published on: 2026-05-11 01:42:01
Link: View Details
Information published.

CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
Published on: 2026-05-11 01:50:59
Link: View Details
Information published.

CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
Published on: 2026-05-11 01:46:10
Link: View Details
Information published.

CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Published on: 2026-05-11 01:39:14
Link: View Details
Information published.

CVE-2025-21672 afs: Fix merge preference rule failure condition
Published on: 2026-05-11 01:52:12
Link: View Details
Information published.

CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Published on: 2026-05-11 01:48:52
Link: View Details
Information published.

CVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()
Published on: 2026-05-11 01:49:00
Link: View Details
Information published.

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free
Published on: 2026-05-11 01:50:33
Link: View Details
Information published.

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Published on: 2026-05-11 01:50:42
Link: View Details
Information published.

CVE-2026-31557 nvmet: move async event work off nvmet-wq
Published on: 2026-05-11 01:50:50
Link: View Details
Information published.

CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use
Published on: 2026-05-11 01:50:58
Link: View Details
Information published.

CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK
Published on: 2026-05-11 01:51:23
Link: View Details
Information published.

CVE-2026-31645 net: lan966x: fix page pool leak in error paths
Published on: 2026-05-11 01:51:31
Link: View Details
Information published.

CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction
Published on: 2026-05-11 01:51:40
Link: View Details
Information published.

CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory
Published on: 2026-05-11 01:51:57
Link: View Details
Information published.

CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation
Published on: 2026-05-11 01:52:06
Link: View Details
Information published.

CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
Published on: 2026-05-11 01:52:24
Link: View Details
Information published.

CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output
Published on: 2026-05-11 01:52:16
Link: View Details
Information published.

CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock
Published on: 2026-05-11 01:52:32
Link: View Details
Information published.

CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
Published on: 2026-05-11 01:48:43
Link: View Details
Information published.

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex
Published on: 2026-05-11 01:49:08
Link: View Details
Information published.

CVE-2026-31487 spi: use generic driver_override infrastructure
Published on: 2026-05-11 01:49:16
Link: View Details
Information published.

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown
Published on: 2026-05-11 01:49:25
Link: View Details
Information published.

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation
Published on: 2026-05-11 01:49:33
Link: View Details
Information published.

CVE-2026-31506 net: bcmasp: fix double free of WoL irq
Published on: 2026-05-11 01:49:41
Link: View Details
Information published.

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case
Published on: 2026-05-11 01:49:50
Link: View Details
Information published.

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory
Published on: 2026-05-11 01:49:59
Link: View Details
Information published.

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
Published on: 2026-05-11 01:50:07
Link: View Details
Information published.

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
Published on: 2026-05-11 01:50:15
Link: View Details
Information published.

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes
Published on: 2026-05-11 01:50:24
Link: View Details
Information published.

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED
Published on: 2026-05-11 01:51:06
Link: View Details
Information published.

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
Published on: 2026-05-11 01:51:15
Link: View Details
Information published.

CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response
Published on: 2026-05-11 01:51:49
Link: View Details
Information published.

CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget
Published on: 2026-05-11 01:38:31
Link: View Details
Information published.

CVE-2026-31688 driver core: enforce device_lock for driver_match_device()
Published on: 2026-05-11 01:38:40
Link: View Details
Information published.

CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
Published on: 2026-05-11 01:38:48
Link: View Details
Information published.

CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns
Published on: 2026-05-11 01:38:56
Link: View Details
Information published.

CVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elements
Published on: 2026-05-11 01:47:30
Link: View Details
Information published.

CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
Published on: 2026-05-11 01:47:39
Link: View Details
Information published.

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions
Published on: 2026-05-11 01:47:47
Link: View Details
Information published.

CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
Published on: 2026-05-11 01:48:09
Link: View Details
Information published.

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
Published on: 2026-05-11 01:48:17
Link: View Details
Information published.

CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Published on: 2026-05-11 01:48:34
Link: View Details
Information published.

CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.
Published on: 2026-05-11 01:38:14
Link: View Details
Information published.

CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
Published on: 2026-05-11 01:47:04
Link: View Details
Information published.

CVE-2026-23247 tcp: secure_seq: add back ports to TS offset
Published on: 2026-05-11 01:47:14
Link: View Details
Information published.

CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
Published on: 2026-05-11 01:48:00
Link: View Details
Information published.

CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()
Published on: 2026-05-11 01:48:25
Link: View Details
Information published.

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Published on: 2026-05-11 01:47:58
Link: View Details
Information published.

CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Published on: 2026-05-11 01:43:05
Link: View Details
Information published.

CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
Published on: 2026-05-11 01:47:32
Link: View Details
Information published.

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Published on: 2026-05-11 01:44:51
Link: View Details
Information published.

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Published on: 2026-05-11 01:47:40
Link: View Details
Information published.

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Published on: 2026-05-11 01:42:29
Link: View Details
Information published.

CVE-2025-37870 drm/amd/display: prevent hang on link training fail
Published on: 2026-05-11 01:42:38
Link: View Details
Information published.

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Published on: 2026-05-11 01:43:41
Link: View Details
Information published.

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Published on: 2026-05-11 01:43:50
Link: View Details
Information published.

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Published on: 2026-05-11 01:45:28
Link: View Details
Information published.

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Published on: 2026-05-11 01:46:37
Link: View Details
Information published.

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Published on: 2026-05-11 01:46:46
Link: View Details
Information published.

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Published on: 2026-05-11 01:40:50
Link: View Details
Information published.

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Published on: 2026-05-11 01:46:28
Link: View Details
Information published.

CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Published on: 2026-05-11 01:41:57
Link: View Details
Information published.

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Published on: 2026-05-11 01:42:06
Link: View Details
Information published.

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Published on: 2026-05-11 01:52:29
Link: View Details
Information published.

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Published on: 2026-05-11 01:38:39
Link: View Details
Information published.

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
Published on: 2026-05-11 01:39:09
Link: View Details
Information published.

CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:39:18
Link: View Details
Information published.

CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:39:26
Link: View Details
Information published.

CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check
Published on: 2026-05-11 01:40:07
Link: View Details
Information published.

CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
Published on: 2026-05-11 01:40:16
Link: View Details
Information published.

CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair
Published on: 2026-05-11 01:40:41
Link: View Details
Information published.

CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers
Published on: 2026-05-11 01:40:50
Link: View Details
Information published.

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper
Published on: 2026-05-11 01:40:59
Link: View Details
Information published.

CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl
Published on: 2026-05-11 01:41:07
Link: View Details
Information published.

CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time
Published on: 2026-05-11 01:41:24
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-11 01:42:28
Link: View Details
Information published.

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Published on: 2026-05-11 01:43:02
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-11 01:43:12
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-11 01:43:28
Link: View Details
Information published.

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Published on: 2026-05-11 01:43:37
Link: View Details
Information published.

CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Published on: 2026-05-11 01:43:53
Link: View Details
Information published.

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Published on: 2026-05-11 01:44:27
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-11 01:44:35
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-11 01:44:59
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-11 01:45:16
Link: View Details
Information published.

CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Published on: 2026-05-11 01:45:25
Link: View Details
Information published.

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Published on: 2026-05-11 01:46:23
Link: View Details
Information published.

CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get
Published on: 2026-05-11 01:47:52
Link: View Details
Information published.

CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules
Published on: 2026-05-11 01:48:12
Link: View Details
Information published.

CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid
Published on: 2026-05-11 01:48:28
Link: View Details
Information published.

CVE-2026-43320 drm/amd/display: Fix dsc eDP issue
Published on: 2026-05-11 01:49:27
Link: View Details
Information published.

CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
Published on: 2026-05-11 01:49:15
Link: View Details
Information published.

CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type
Published on: 2026-05-11 01:49:37
Link: View Details
Information published.

CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
Published on: 2026-05-11 01:49:46
Link: View Details
Information published.

CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock
Published on: 2026-05-11 01:50:03
Link: View Details
Information published.

CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs
Published on: 2026-05-11 01:50:11
Link: View Details
Information published.

CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
Published on: 2026-05-11 01:50:40
Link: View Details
Information published.

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC
Published on: 2026-05-11 01:51:15
Link: View Details
Information published.

CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl
Published on: 2026-05-11 01:51:07
Link: View Details
Information published.

CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
Published on: 2026-05-11 01:51:43
Link: View Details
Information published.

CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl
Published on: 2026-05-11 01:51:52
Link: View Details
Information published.

CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call
Published on: 2026-05-11 01:52:01
Link: View Details
Information published.

CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:52:10
Link: View Details
Information published.

CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
Published on: 2026-05-11 01:52:20
Link: View Details
Information published.

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
Published on: 2026-05-11 01:03:12
Link: View Details
Information published.

CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing
Published on: 2026-05-11 01:03:17
Link: View Details
Information published.

CVE-2026-45186
Published on: 2026-05-11 01:03:23
Link: View Details
Information published.

CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault
Published on: 2026-05-11 01:03:28
Link: View Details
Information published.

CVE-2026-7568 Signed integer overflow in metaphone()
Published on: 2026-05-11 01:04:01
Link: View Details
Information published.

CVE-2026-43053 xfs: close crash window in attr dabtree inactivation
Published on: 2026-05-11 01:39:35
Link: View Details
Information published.

CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()
Published on: 2026-05-11 01:39:43
Link: View Details
Information published.

CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping
Published on: 2026-05-11 01:39:51
Link: View Details
Information published.

CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:39:59
Link: View Details
Information published.

CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move
Published on: 2026-05-11 01:40:24
Link: View Details
Information published.

CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
Published on: 2026-05-11 01:40:33
Link: View Details
Information published.

CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl()
Published on: 2026-05-11 01:41:15
Link: View Details
Information published.

CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Published on: 2026-05-11 01:41:32
Link: View Details
Information published.

CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common()
Published on: 2026-05-11 01:41:40
Link: View Details
Information published.

CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
Published on: 2026-05-11 01:41:49
Link: View Details
Information published.

CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
Published on: 2026-05-11 01:41:58
Link: View Details
Information published.

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Published on: 2026-05-11 01:42:11
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-11 01:42:20
Link: View Details
Information published.

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Published on: 2026-05-11 01:42:36
Link: View Details
Information published.

CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Published on: 2026-05-11 01:42:45
Link: View Details
Information published.

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Published on: 2026-05-11 01:42:53
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-11 01:43:20
Link: View Details
Information published.

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Published on: 2026-05-11 01:43:45
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-11 01:44:02
Link: View Details
Information published.

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Published on: 2026-05-11 01:44:10
Link: View Details
Information published.

CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Published on: 2026-05-11 01:44:19
Link: View Details
Information published.

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Published on: 2026-05-11 01:44:43
Link: View Details
Information published.

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Published on: 2026-05-11 01:44:52
Link: View Details
Information published.

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Published on: 2026-05-11 01:45:08
Link: View Details
Information published.

CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Published on: 2026-05-11 01:45:33
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-11 01:45:42
Link: View Details
Information published.

CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Published on: 2026-05-11 01:45:50
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-11 01:45:58
Link: View Details
Information published.

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Published on: 2026-05-11 01:46:07
Link: View Details
Information published.

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Published on: 2026-05-11 01:46:15
Link: View Details
Information published.

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Published on: 2026-05-11 01:46:31
Link: View Details
Information published.

CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Published on: 2026-05-11 01:46:40
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-11 01:46:48
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-11 01:46:56
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-11 01:47:04
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-11 01:47:14
Link: View Details
Information published.

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Published on: 2026-05-11 01:47:31
Link: View Details
Information published.

CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Published on: 2026-05-11 01:47:40
Link: View Details
Information published.

CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls
Published on: 2026-05-11 01:48:00
Link: View Details
Information published.

CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
Published on: 2026-05-11 01:48:20
Link: View Details
Information published.

CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Published on: 2026-05-11 01:48:36
Link: View Details
Information published.

CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue
Published on: 2026-05-11 01:49:05
Link: View Details
Information published.

CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags
Published on: 2026-05-11 01:48:56
Link: View Details
Information published.

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing
Published on: 2026-05-11 01:48:46
Link: View Details
Information published.

CVE-2026-43317 most: core: fix leak on early registration failure
Published on: 2026-05-11 01:49:54
Link: View Details
Information published.

CVE-2026-43321 bpf: Properly mark live registers for indirect jumps
Published on: 2026-05-11 01:50:22
Link: View Details
Information published.

CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()
Published on: 2026-05-11 01:50:30
Link: View Details
Information published.

CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF
Published on: 2026-05-11 01:50:48
Link: View Details
Information published.

CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()
Published on: 2026-05-11 01:50:56
Link: View Details
Information published.

CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
Published on: 2026-05-11 01:51:24
Link: View Details
Information published.

CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Published on: 2026-05-11 01:51:32
Link: View Details
Information published.

CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Published on: 2026-05-11 01:03:00
Link: View Details
Information published.

CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs
Published on: 2026-05-11 01:03:06
Link: View Details
Information published.

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD
Published on: 2026-05-11 01:03:34
Link: View Details
Information published.

CVE-2026-6722 Use-After-Free in SOAP using Apache map
Published on: 2026-05-11 01:03:39
Link: View Details
Information published.

CVE-2026-6735 XSS within PHP-FPM status endpoint
Published on: 2026-05-11 01:03:45
Link: View Details
Information published.

CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>
Published on: 2026-05-11 01:03:50
Link: View Details
Information published.

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings
Published on: 2026-05-11 01:03:55
Link: View Details
Information published.

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
Published on: 2026-05-11 01:04:06
Link: View Details
Information published.

CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Published on: 2026-05-11 01:52:01
Link: View Details
Information published.

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Published on: 2026-05-11 01:52:11
Link: View Details
Information published.

CVE-2025-39762 drm/amd/display: add null check
Published on: 2026-05-11 01:52:20
Link: View Details
Information published.

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Published on: 2026-05-11 01:52:28
Link: View Details
Information published.

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Published on: 2026-05-11 01:52:35
Link: View Details
Information published.

CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Published on: 2026-05-11 01:38:15
Link: View Details
Information published.

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Published on: 2026-05-11 01:38:25
Link: View Details
Information published.

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Published on: 2026-05-11 01:39:02
Link: View Details
Information published.

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Published on: 2026-05-11 01:39:11
Link: View Details
Information published.

CVE-2025-38705 drm/amd/pm: fix null pointer access
Published on: 2026-05-11 01:51:09
Link: View Details
Information published.

CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Published on: 2026-05-11 01:51:18
Link: View Details
Information published.

CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Published on: 2026-05-11 01:51:27
Link: View Details
Information published.

CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Published on: 2026-05-11 01:51:36
Link: View Details
Information published.

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Published on: 2026-05-11 01:51:44
Link: View Details
Information published.

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Published on: 2026-05-11 01:51:53
Link: View Details
Information published.

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Published on: 2026-05-11 01:38:35
Link: View Details
Information published.

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Published on: 2026-05-11 01:38:44
Link: View Details
Information published.

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Published on: 2026-05-11 01:38:52
Link: View Details
Information published.

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Published on: 2026-05-11 01:43:35
Link: View Details
Information published.

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Published on: 2026-05-11 01:39:59
Link: View Details
Information published.

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Published on: 2026-05-11 01:39:49
Link: View Details
Information published.

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Published on: 2026-05-11 01:39:40
Link: View Details
Information published.

CVE-2024-26756 md: Don't register sync_thread for reshape directly
Published on: 2026-05-11 01:38:47
Link: View Details
Information published.

CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
Published on: 2026-05-11 01:47:23
Link: View Details
Information published.

CVE-2024-24856 NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module
Published on: 2026-05-11 01:46:02
Link: View Details
Information published.

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Published on: 2026-05-10 01:02:06
Link: View Details
Information published.

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template
Published on: 2026-05-10 01:02:38
Link: View Details
Information published.

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Published on: 2026-05-10 01:03:33
Link: View Details
Information published.

CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing
Published on: 2026-05-10 01:01:21
Link: View Details
Information published.

CVE-2026-6665 PgBouncer buffer overflow in SCRAM
Published on: 2026-05-10 01:01:27
Link: View Details
Information published.

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
Published on: 2026-05-10 01:01:32
Link: View Details
Information published.

CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error
Published on: 2026-05-10 01:01:38
Link: View Details
Information published.

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Published on: 2026-05-10 01:01:44
Link: View Details
Information published.

CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Published on: 2026-05-10 01:01:50
Link: View Details
Information published.

CVE-2026-33811 Crash when handling long CNAME response in net
Published on: 2026-05-10 01:01:58
Link: View Details
Information published.

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
Published on: 2026-05-10 01:02:14
Link: View Details
Information published.

CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
Published on: 2026-05-10 01:02:22
Link: View Details
Information published.

CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail
Published on: 2026-05-10 01:02:30
Link: View Details
Information published.

CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
Published on: 2026-05-10 01:02:46
Link: View Details
Information published.

CVE-2026-39826 Escaper bypass leads to XSS in html/template
Published on: 2026-05-10 01:02:55
Link: View Details
Information published.

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net
Published on: 2026-05-10 01:03:03
Link: View Details
Information published.

CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail
Published on: 2026-05-10 01:03:11
Link: View Details
Information published.

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go
Published on: 2026-05-10 01:03:19
Link: View Details
Information published.

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
Published on: 2026-05-10 01:03:25
Link: View Details
Information published.

CVE-2026-41526
Published on: 2026-05-09 01:38:59
Link: View Details
Information published.

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published on: 2026-05-09 01:39:42
Link: View Details
Information published.

CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Published on: 2026-05-09 01:39:08
Link: View Details
Information published.

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-05-08 01:42:25
Link: View Details
Information published.

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Published on: 2026-05-08 01:40:39
Link: View Details
Information published.

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Published on: 2026-05-08 01:42:31
Link: View Details
Information published.

CVE-2026-37457
Published on: 2026-05-08 01:42:40
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-08 01:42:58
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-08 01:43:14
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-08 01:43:24
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-08 01:43:50
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-08 01:43:55
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-08 01:44:02
Link: View Details
Information published.

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Published on: 2026-05-08 01:01:40
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-08 01:42:53
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-08 01:43:19
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-08 01:43:38
Link: View Details
Information published.

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Published on: 2026-05-08 01:44:07
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-08 01:44:19
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-08 01:39:12
Link: View Details
Information published.

CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Published on: 2026-05-08 01:39:28
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-08 01:39:44
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-08 01:39:53
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-08 01:39:58
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-08 01:40:04
Link: View Details
Information published.

CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Published on: 2026-05-08 01:01:18
Link: View Details
Information published.

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Published on: 2026-05-08 01:01:23
Link: View Details
Information published.

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Published on: 2026-05-08 01:01:29
Link: View Details
Information published.

CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Published on: 2026-05-08 01:01:35
Link: View Details
Information published.

CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Published on: 2026-05-08 01:01:46
Link: View Details
Information published.

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Published on: 2026-05-08 01:02:02
Link: View Details
Information published.

CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Published on: 2026-05-08 01:01:51
Link: View Details
Information published.

CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Published on: 2026-05-08 01:02:08
Link: View Details
Information published.

CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Published on: 2026-05-08 01:02:14
Link: View Details
Information published.

CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
Published on: 2026-05-08 01:02:19
Link: View Details
Information published.

CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
Published on: 2026-05-08 01:02:25
Link: View Details
Information published.

CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Chromium: CVE-2026-8021 Script injection in UI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8022 Inappropriate implementation in MHTML
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8017 Side-channel information leakage in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8014 Inappropriate implementation in Preload
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8015 Inappropriate implementation in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8016 Use after free in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8012 Inappropriate implementation in MHTML
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8009 Inappropriate implementation in Cast
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8008 Inappropriate implementation in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8002 Use after free in Audio
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8001 Use after free in Printing
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7999 Inappropriate implementation in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7995 Out of bounds read in AdFilter
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7991 Use after free in UI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7988 Type Confusion in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7987 Use after free in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7983 Out of bounds read in Dawn
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7984 Use after free in ReadingMode
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7985 Use after free in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7981 Out of bounds read in Codecs
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7979 Inappropriate implementation in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7980 Use after free in WebAudio
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7978 Inappropriate implementation in Companion
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7977 Inappropriate implementation in Canvas
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7976 Use after free in Views
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7975 Use after free in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7974 Use after free in Blink
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7973 Integer overflow in Dawn
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7972 Uninitialized Use in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7971 Inappropriate implementation in ORB
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7970 Use after free in TopChrome
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7969 Integer overflow in Network
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7960 Race in Speech
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7959 Inappropriate implementation in Navigation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026 ) for more information.

Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7956 Use after free in Navigation
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7957 Out of bounds write in Media
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7955 Uninitialized Use in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7954 Race in Shared Storage
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7951 Out of bounds write in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7950 Out of bounds read and write in GFX
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7949 Out of bounds read in Skia
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7948 Race in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7942 Integer overflow in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7940 Use after free in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7938 Use after free in CSS
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7935 Inappropriate implementation in Speech
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7936 Object lifecycle issue in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7929 Use after free in MediaRecording
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7928 Use after free in WebRTC
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7926 Use after free in PresentationAPI
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7927 Type Confusion in Runtime
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7925 Use after free in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7922 Use after free in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7924 Uninitialized Use in Dawn
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7921 Use after free in Passwords
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7923 Out of bounds write in Skia
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7920 Use after free in Skia
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7919 Use after free in Aura
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7918 Use after free in GPU
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7917 Use after free in Fullscreen
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7914 Type Confusion in Accessibility
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7910 Use after free in Views
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7911 Use after free in Aura
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7908 Use after free in Fullscreen
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7907 Use after free in DOM
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7906 Use after free in SVG
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7903 Integer overflow in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7904 Out of bounds read in Fonts
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7902 Out of bounds memory access in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7901 Use after free in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Chromium: CVE-2026-7899 Out of bounds read and write in V8
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7898 Use after free in Chromoting
Published on: 2026-05-07 07:00:00
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

Chromium: CVE-2026-7896 Integer overflow in Blink
Published on: 2026-05-07 07:00:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.

CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
Published on: 2026-05-07 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Published on: 2026-05-07 01:47:56
Link: View Details
Information published.

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Published on: 2026-05-07 01:10:02
Link: View Details
Information published.

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
Published on: 2026-05-07 01:03:18
Link: View Details
Information published.

CVE-2026-34318
Published on: 2026-05-07 01:03:34
Link: View Details
Information published.

CVE-2026-34317
Published on: 2026-05-07 01:03:27
Link: View Details
Information published.

CVE-2026-34319
Published on: 2026-05-07 01:03:41
Link: View Details
Information published.

CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment
Published on: 2026-05-07 01:10:44
Link: View Details
Information published.

CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Published on: 2026-05-07 01:10:52
Link: View Details
Information published.

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Published on: 2026-05-07 01:11:00
Link: View Details
Information published.

CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Published on: 2026-05-07 01:12:30
Link: View Details
Information published.

CVE-2026-34875
Published on: 2026-05-07 01:12:41
Link: View Details
Information published.

CVE-2026-34874
Published on: 2026-05-07 01:12:47
Link: View Details
Information published.

CVE-2026-34876
Published on: 2026-05-07 01:12:52
Link: View Details
Information published.

CVE-2026-25835
Published on: 2026-05-07 01:12:58
Link: View Details
Information published.

CVE-2025-66442
Published on: 2026-05-07 01:13:04
Link: View Details
Information published.

CVE-2026-34873
Published on: 2026-05-07 01:13:10
Link: View Details
Information published.

CVE-2026-34871
Published on: 2026-05-07 01:13:15
Link: View Details
Information published.

CVE-2026-34872
Published on: 2026-05-07 01:13:21
Link: View Details
Information published.

CVE-2026-25834
Published on: 2026-05-07 01:13:26
Link: View Details
Information published.

CVE-2026-25833
Published on: 2026-05-07 01:13:32
Link: View Details
Information published.

CVE-2026-41082
Published on: 2026-05-07 01:13:38
Link: View Details
Information published.

CVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transports
Published on: 2026-05-07 01:02:32
Link: View Details
Information published.

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Published on: 2026-05-07 01:02:48
Link: View Details
Information published.

CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
Published on: 2026-05-07 01:03:04
Link: View Details
Information published.

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Published on: 2026-05-07 01:03:49
Link: View Details
Information published.

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Published on: 2026-05-07 01:03:58
Link: View Details
Information published.

CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Published on: 2026-05-07 01:04:12
Link: View Details
Information published.

CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex
Published on: 2026-05-07 01:04:54
Link: View Details
Information published.

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Published on: 2026-05-07 01:05:01
Link: View Details
Information published.

CVE-2026-43245 ntfs: ->d_compare() must not block
Published on: 2026-05-07 01:05:48
Link: View Details
Information published.

CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
Published on: 2026-05-07 01:06:02
Link: View Details
Information published.

CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave
Published on: 2026-05-07 01:06:17
Link: View Details
Information published.

CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
Published on: 2026-05-07 01:06:52
Link: View Details
Information published.

CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Published on: 2026-05-07 01:06:59
Link: View Details
Information published.

CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Published on: 2026-05-07 01:07:17
Link: View Details
Information published.

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Published on: 2026-05-07 01:07:28
Link: View Details
Information published.

CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
Published on: 2026-05-07 01:07:39
Link: View Details
Information published.

CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35
Published on: 2026-05-07 01:07:44
Link: View Details
Information published.

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths
Published on: 2026-05-07 01:08:55
Link: View Details
Information published.

CVE-2026-43964
Published on: 2026-05-07 01:12:35
Link: View Details
Information published.

CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
Published on: 2026-05-07 01:02:40
Link: View Details
Information published.

CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service
Published on: 2026-05-07 01:02:56
Link: View Details
Information published.

CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function
Published on: 2026-05-07 01:03:11
Link: View Details
Information published.

CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Published on: 2026-05-07 01:04:05
Link: View Details
Information published.

CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE
Published on: 2026-05-07 01:04:19
Link: View Details
Information published.

CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams
Published on: 2026-05-07 01:04:27
Link: View Details
Information published.

CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
Published on: 2026-05-07 01:04:39
Link: View Details
Information published.

CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints
Published on: 2026-05-07 01:04:46
Link: View Details
Information published.

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Published on: 2026-05-07 01:05:40
Link: View Details
Information published.

CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function
Published on: 2026-05-07 01:05:55
Link: View Details
Information published.

CVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCU
Published on: 2026-05-07 01:06:10
Link: View Details
Information published.

CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check
Published on: 2026-05-07 01:06:24
Link: View Details
Information published.

CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Published on: 2026-05-07 01:06:32
Link: View Details
Information published.

CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels
Published on: 2026-05-07 01:06:39
Link: View Details
Information published.

CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated
Published on: 2026-05-07 01:06:45
Link: View Details
Information published.

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay
Published on: 2026-05-07 01:07:05
Link: View Details
Information published.

CVE-2026-43109 x86: shadow stacks: proper error handling for mmap lock
Published on: 2026-05-07 01:07:11
Link: View Details
Information published.

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
Published on: 2026-05-07 01:07:23
Link: View Details
Information published.

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Published on: 2026-05-07 01:07:34
Link: View Details
Information published.

CVE-2026-43258 alpha: fix user-space corruption during memory compaction
Published on: 2026-05-07 01:07:50
Link: View Details
Information published.

CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Published on: 2026-05-07 01:07:55
Link: View Details
Information published.

CVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculation
Published on: 2026-05-07 01:08:01
Link: View Details
Information published.

CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src
Published on: 2026-05-07 01:08:07
Link: View Details
Information published.

CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs
Published on: 2026-05-07 01:08:12
Link: View Details
Information published.

CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Published on: 2026-05-07 01:08:18
Link: View Details
Information published.

CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
Published on: 2026-05-07 01:08:23
Link: View Details
Information published.

CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory
Published on: 2026-05-07 01:08:28
Link: View Details
Information published.

CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet
Published on: 2026-05-07 01:08:34
Link: View Details
Information published.

CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin
Published on: 2026-05-07 01:08:39
Link: View Details
Information published.

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports
Published on: 2026-05-07 01:08:44
Link: View Details
Information published.

CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Published on: 2026-05-07 01:08:49
Link: View Details
Information published.

CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report
Published on: 2026-05-07 01:09:00
Link: View Details
Information published.

CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks
Published on: 2026-05-07 01:09:06
Link: View Details
Information published.

CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()
Published on: 2026-05-07 01:09:11
Link: View Details
Information published.

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Published on: 2026-05-07 01:09:16
Link: View Details
Information published.

CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking
Published on: 2026-05-07 01:09:22
Link: View Details
Information published.

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Published on: 2026-05-07 01:09:27
Link: View Details
Information published.

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Published on: 2026-05-07 01:09:36
Link: View Details
Information published.

CVE-2026-43083 net: ioam6: fix OOB and missing lock
Published on: 2026-05-07 01:09:41
Link: View Details
Information published.

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability
Published on: 2026-05-07 01:09:49
Link: View Details
Information published.

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Published on: 2026-05-07 01:09:57
Link: View Details
Information published.

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
Published on: 2026-05-07 01:11:09
Link: View Details
Information published.

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset
Published on: 2026-05-07 01:11:17
Link: View Details
Information published.

CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
Published on: 2026-05-07 01:11:25
Link: View Details
Information published.

CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
Published on: 2026-05-07 01:11:33
Link: View Details
Information published.

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
Published on: 2026-05-07 01:11:41
Link: View Details
Information published.

CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack
Published on: 2026-05-07 01:11:49
Link: View Details
Information published.

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash
Published on: 2026-05-07 01:11:57
Link: View Details
Information published.

CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash
Published on: 2026-05-07 01:12:05
Link: View Details
Information published.

CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response
Published on: 2026-05-07 01:12:14
Link: View Details
Information published.

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
Published on: 2026-05-07 01:12:22
Link: View Details
Information published.

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
Published on: 2026-05-06 01:41:49
Link: View Details
Information published.

CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
Published on: 2026-05-06 01:42:13
Link: View Details
Information published.

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup
Published on: 2026-05-06 01:41:40
Link: View Details
Information published.

CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
Published on: 2026-05-06 01:42:06
Link: View Details
Information published.

CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
Published on: 2026-05-06 01:42:20
Link: View Details
Information published.

CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Published on: 2026-05-06 01:01:29
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-05-06 01:42:35
Link: View Details
Information published.

CVE-2026-43964
Published on: 2026-05-06 01:01:23
Link: View Details
Information published.

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Published on: 2026-05-05 01:40:31
Link: View Details
Information published.

CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Published on: 2026-05-05 01:41:44
Link: View Details
Information published.

CVE-2026-35469 SpdyStream: DOS on CRI
Published on: 2026-05-05 01:02:50
Link: View Details
Information published.

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
Published on: 2026-05-05 01:02:55
Link: View Details
Information published.

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Published on: 2026-05-05 01:42:03
Link: View Details
Information published.

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place
Published on: 2026-05-05 01:03:40
Link: View Details
Information published.

CVE-2026-42798
Published on: 2026-05-05 01:03:12
Link: View Details
Information published.

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Published on: 2026-05-05 01:03:34
Link: View Details
Information published.

CVE-2026-37457
Published on: 2026-05-05 01:03:04
Link: View Details
Information published.

CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
Published on: 2026-05-05 01:03:22
Link: View Details
Information published.

CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Published on: 2026-05-05 01:41:55
Link: View Details
Information published.