CVEs from 2026
Total
14,382
critical
critical 1,269
high
high 4,878
medium
medium 4,570
low
low 497
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9617 | high | 8.8 | 8.8 | 9d ago | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an… | |||
| CVE-2026-8179 | high | 8.8 | 8.8 | 9d ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |||
| CVE-2026-46056 | high | 8.8 | 8.8 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in … | |||
| CVE-2026-5065 | high | 8.8 | 8.8 | 9d ago | IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to… | |||
| CVE-2026-9704 | high | 8.8 | 8.8 | 9d ago | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token … | |||
| CVE-2026-45945 | high | 8.8 | 8.8 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits (64 bytes). When repla… | |||
| CVE-2026-8832 | high | 8.8 | 8.8 | 9d ago | The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due… | |||
| CVE-2026-8787 | high | 8.8 | 8.8 | 9d ago | The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authentica… | |||
| CVE-2026-9632 | high | 8.8 | 8.8 | 9d ago | A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Execu… | |||
| CVE-2026-9207 | high | 8.8 | 8.8 | 9d ago | Tanium addressed an unauthorized code execution vulnerability in Connect. | |||
| CVE-2026-9631 | high | 8.8 | 8.8 | 9d ago | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Man… | |||
| CVE-2026-9628 | high | 8.8 | 8.8 | 9d ago | A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipul… | |||
| CVE-2026-9627 | high | 8.8 | 8.8 | 9d ago | A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation … | |||
| CVE-2026-38807 | high | 8.8 | 8.8 | 9d ago | Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component | |||
| CVE-2026-8974 | high | 8.8 | 8.8 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-8975 | high | 8.8 | 8.8 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-36044 | high | 8.8 | 8.8 | 9d ago | @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enumerate tool. The createSmartEnumerateTool() function in src/core/agent/tools.ts constructs a shell command by concatenati… | |||
| CVE-2026-8955 | high | 8.8 | 8.8 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-8957 | high | 8.8 | 8.8 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-8970 | high | 8.8 | 8.8 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-8676 | high | 8.8 | 8.8 | 10d ago | An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond. | |||
| CVE-2026-24187 | high | 8.8 | 8.8 | 10d ago | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of priv… | |||
| CVE-2026-46368 | high | 8.8 | 8.8 | 10d ago | luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — … | |||
| CVE-2026-40033 | high | 8.8 | 8.8 | 10d ago | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle v… | |||
| CVE-2026-45216 | high | 8.8 | 8.8 | 10d ago | Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. | |||
| CVE-2026-9482 | high | 8.8 | 8.8 | 11d ago | A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer o… | |||
| CVE-2026-9481 | high | 8.8 | 8.8 | 11d ago | A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. Th… | |||
| CVE-2026-9480 | high | 8.8 | 8.8 | 11d ago | A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-… | |||
| CVE-2026-9479 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads… | |||
| CVE-2026-9463 | high | 8.8 | 8.8 | 11d ago | A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based bu… | |||
| CVE-2026-9462 | high | 8.8 | 8.8 | 11d ago | A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument subm… | |||
| CVE-2026-9461 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-ba… | |||
| CVE-2026-9460 | high | 8.8 | 8.8 | 11d ago | A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-ba… | |||
| CVE-2026-9459 | high | 8.8 | 8.8 | 11d ago | A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument max… | |||
| CVE-2026-9443 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The… | |||
| CVE-2026-9442 | high | 8.8 | 8.8 | 11d ago | A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipul… | |||
| CVE-2026-9431 | high | 8.8 | 8.8 | 11d ago | A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based b… | |||
| CVE-2026-9430 | high | 8.8 | 8.8 | 11d ago | A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dip… | |||
| CVE-2026-9429 | high | 8.8 | 8.8 | 11d ago | A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno… | |||
| CVE-2026-9428 | high | 8.8 | 8.8 | 11d ago | A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-b… | |||
| CVE-2026-9427 | high | 8.8 | 8.8 | 11d ago | A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submi… | |||
| CVE-2026-9426 | high | 8.8 | 8.8 | 11d ago | A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wla… | |||
| CVE-2026-9425 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/… | |||
| CVE-2026-9403 | high | 8.8 | 8.8 | 11d ago | A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipul… | |||
| CVE-2026-9401 | high | 8.8 | 8.8 | 11d ago | A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of th… | |||
| CVE-2026-9399 | high | 8.8 | 8.8 | 11d ago | A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipu… | |||
| CVE-2026-9393 | high | 8.8 | 8.8 | 12d ago | A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function Edit_BasicSSID_5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer ove… | |||
| CVE-2026-9389 | high | 8.8 | 8.8 | 12d ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The a… | |||
| CVE-2026-9382 | high | 8.8 | 8.8 | 12d ago | A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation … | |||
| CVE-2026-9381 | high | 8.8 | 8.8 | 12d ago | A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performi… | |||
| CVE-2026-9380 | high | 8.8 | 8.8 | 12d ago | A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation … | |||
| CVE-2026-9360 | high | 8.8 | 8.8 | 12d ago | A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The… | |||
| CVE-2026-9348 | high | 8.8 | 8.8 | 12d ago | A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument we… | |||
| CVE-2026-9346 | high | 8.8 | 8.8 | 12d ago | A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument su… | |||
| CVE-2026-9345 | high | 8.8 | 8.8 | 12d ago | A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argumen… | |||
| CVE-2026-9344 | high | 8.8 | 8.8 | 12d ago | A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of th… | |||
| CVE-2026-43503 | high | 8.8 | 8.8 | 13d ago | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_s… | |||
| CVE-2026-9294 | high | 8.8 | 8.8 | 13d ago | A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip… | |||
| CVE-2026-9295 | high | 8.8 | 8.8 | 13d ago | A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipul… | |||
| CVE-2026-6898 | high | 8.8 | 8.8 | 13d ago | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions… | |||
| CVE-2026-6897 | high | 8.8 | 8.8 | 13d ago | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in… | |||
| CVE-2026-6895 | high | 8.8 | 8.8 | 13d ago | The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du… | |||
| CVE-2026-6419 | high | 8.8 | 8.8 | 13d ago | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check … | |||
| CVE-2026-47125 | high | 8.8 | 8.8 | 13d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.g… | |||
| CVE-2026-35430 | high | 8.8 | 8.8 | 13d ago | Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-41075 | high | 8.8 | 8.8 | 13d ago | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft i… | |||
| CVE-2026-45659 | high | 8.8 | 8.8 | 13d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-3294 | high | 8.8 | 8.8 | 14d ago | An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator passwor… | |||
| CVE-2026-6406 | high | 8.8 | 8.8 | 14d ago | The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly… | |||
| CVE-2026-8992 | high | 8.8 | 8.8 | 14d ago | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | |||
| CVE-2026-9018 | high | 8.8 | 8.8 | 14d ago | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` … | |||
| CVE-2026-8434 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4… | |||
| CVE-2026-8433 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score… | |||
| CVE-2026-8432 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o… | |||
| CVE-2026-8427 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a… | |||
| CVE-2026-8416 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a CV… | |||
| CVE-2026-8415 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS… | |||
| CVE-2026-8414 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 scor… | |||
| CVE-2026-8413 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8412 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8411 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8410 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.… | |||
| CVE-2026-8409 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8428 | high | 8.8 | 8.8 | 15d ago | Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashb… | |||
| CVE-2026-8426 | high | 8.8 | 8.8 | 15d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package ret… | |||
| CVE-2026-8421 | high | 8.8 | 8.8 | 15d ago | Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php. An attacker who can cause an authenticate… | |||
| CVE-2026-8417 | high | 8.8 | 8.8 | 15d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete/controllers/single_page/da… | |||
| CVE-2026-8350 | high | 8.8 | 8.8 | 15d ago | Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access … | |||
| CVE-2026-47102 | high | 8.8 | 8.8 | 15d ago | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restri… | |||
| CVE-2026-47101 | high | 8.8 | 8.8 | 15d ago | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored with… | |||
| CVE-2026-47114 | high | 8.8 | 8.8 | 15d ago | IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the… | |||
| CVE-2026-9089 | high | 8.8 | 8.8 | 15d ago | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5. | |||
| CVE-2026-43495 | high | 8.8 | 8.8 | 15d ago | In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the m… | |||
| CVE-2026-39461 | high | 8.8 | 8.8 | 15d ago | libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript… | |||
| CVE-2026-44048 | high | 8.8 | 8.8 | 15d ago | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of servi… | |||
| CVE-2026-44047 | high | 8.8 | 8.8 | 15d ago | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial o… | |||
| CVE-2026-9126 | high | 8.8 | 8.8 | 16d ago | Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-9121 | high | 8.8 | 8.8 | 16d ago | Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-9120 | high | 8.8 | 8.8 | 16d ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9119 | high | 8.8 | 8.8 | 16d ago | Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… |