CVEs from 2026
Total
14,792
critical
critical 1,335
high
high 5,008
medium
medium 4,832
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23075 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: … | |||
| CVE-2026-23150 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). syzbot reported various memory leaks related to NFC, struct nfc_llcp_sock, sk… | |||
| CVE-2026-23073 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory corruption due to not set vif driver data size The struct ieee80211_vif contains trailing space for vif dri… | |||
| CVE-2026-23072 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tp_udp_encap_recv(). syzbot reported memleak of struct l2tp_session, l2tp_tunnel, sock, etc. [0] The cite… | |||
| CVE-2026-2320 | unknown | — | — | — | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafte… | |||
| CVE-2026-23071 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine Previously, the address of the shared member '&map->spinlock_flags' was … | |||
| CVE-2026-23067 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size_t signedness bug in unmap path __arm_lpae_unmap() returns size_t but was returning -ENOENT (negati… | |||
| CVE-2026-5895 | unknown | — | — | — | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security … | |||
| CVE-2026-33609 | unknown | — | — | — | Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. | |||
| CVE-2026-45356 | unknown | — | — | — | ||||
| CVE-2026-23064 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported… | |||
| CVE-2026-5894 | unknown | — | — | — | Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-23070 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Octeontx2-af: Add proper checks for fwdata firmware populates MAC address, link modes (supported, advertised) and EEPROM data in … | |||
| CVE-2026-45698 | unknown | — | — | — | ||||
| CVE-2026-49388 | unknown | — | — | — | ||||
| CVE-2026-23065 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_… | |||
| CVE-2026-23063 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that … | |||
| CVE-2026-32883 | unknown | — | — | — | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verif… | |||
| CVE-2026-23062 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when acc… | |||
| CVE-2026-23061 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs… | |||
| CVE-2026-23059 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the f… | |||
| CVE-2026-23058 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: … | |||
| CVE-2026-23054 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection ta… | |||
| CVE-2026-23439 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n When CONFIG_IPV6 is disabled, the udp_sock_create6() fun… | |||
| CVE-2026-23050 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace:… | |||
| CVE-2026-48998 | unknown | — | — | — | ||||
| CVE-2026-5886 | unknown | — | — | — | Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom… | |||
| CVE-2026-23057 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare t… | |||
| CVE-2026-23049 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 pan… | |||
| CVE-2026-23051 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather t… | |||
| CVE-2026-23427 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_i… | |||
| CVE-2026-3937 | unknown | — | — | — | Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-23048 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer d… | |||
| CVE-2026-5885 | unknown | — | — | — | Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a … | |||
| CVE-2026-23056 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uacce_vm_ops to return -EPERM The current uacce_vm_ops does not support the mremap operation of vm_ope… | |||
| CVE-2026-23052 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE mu… | |||
| CVE-2026-23047 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be… | |||
| CVE-2026-23045 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in e… | |||
| CVE-2026-23044 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not… | |||
| CVE-2026-23046 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set… | |||
| CVE-2026-23043 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in … | |||
| CVE-2026-23042 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, dr… | |||
| CVE-2026-5889 | unknown | — | — | — | Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security sev… | |||
| CVE-2026-27456 | unknown | — | — | — | util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux… | |||
| CVE-2026-23041 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., b… | |||
| CVE-2026-5884 | unknown | — | — | — | Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandb… | |||
| CVE-2026-23039 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets b… | |||
| CVE-2026-23035 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profi… | |||
| CVE-2026-23034 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in u… | |||
| CVE-2026-3934 | unknown | — | — | — | Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Me… | |||
| CVE-2026-23388 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This … | |||
| CVE-2026-0904 | unknown | — | — | — | Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-23028 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_devic… | |||
| CVE-2026-0907 | unknown | — | — | — | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-3061 | unknown | — | — | — | Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-23029 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_d… | |||
| CVE-2026-23027 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_d… | |||
| CVE-2026-1861 | unknown | — | — | — | Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-23406 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times… | |||
| CVE-2026-23023 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. R… | |||
| CVE-2026-3930 | unknown | — | — | — | Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-5285 | unknown | — | — | — | Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-23021 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_subm… | |||
| CVE-2026-23374 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline() internally uses __this_cpu_read() and __this_… | |||
| CVE-2026-23017 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netde… | |||
| CVE-2026-23024 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak of flow steer list on rmmod The flow steering list maintains entries that are added and removed as ethtool … | |||
| CVE-2026-5882 | unknown | — | — | — | Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-23015 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths The reference obtained by calling usb_get_dev() is not released… | |||
| CVE-2026-23014 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it… | |||
| CVE-2026-23348 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding … | |||
| CVE-2026-23013 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set… | |||
| CVE-2026-5286 | unknown | — | — | — | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-23012 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, … | |||
| CVE-2026-23342 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_bulk_queue (bq) can be accessed concurrently by mult… | |||
| CVE-2026-23009 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes t… | |||
| CVE-2026-23008 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface ba… | |||
| CVE-2026-23336 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interface… | |||
| CVE-2026-23006 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only use… | |||
| CVE-2026-23002 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filema… | |||
| CVE-2026-35093 | unknown | — | — | — | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows th… | |||
| CVE-2026-5878 | unknown | — | — | — | Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-23007 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized … | |||
| CVE-2026-40226 | unknown | — | — | — | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | |||
| CVE-2026-23005 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when upd… | |||
| CVE-2026-22999 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl shoul… | |||
| CVE-2026-41080 | unknown | — | — | — | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | |||
| CVE-2026-23011 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, … | |||
| CVE-2026-40225 | unknown | — | — | — | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | |||
| CVE-2026-23329 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmw… | |||
| CVE-2026-40224 | unknown | — | — | — | In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. | |||
| CVE-2026-22997 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactiva… | |||
| CVE-2026-35094 | unknown | — | — | — | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cle… | |||
| CVE-2026-40223 | unknown | — | — | — | In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running. | |||
| CVE-2026-22993 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface i… | |||
| CVE-2026-34580 | unknown | — | — | — | Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key… | |||
| CVE-2026-22992 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagate… | |||
| CVE-2026-22995 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists between the async partition scan work and device tea… | |||
| CVE-2026-41436 | unknown | — | — | — | ||||
| CVE-2026-22991 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its c… | |||
| CVE-2026-22989 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlock_filesystem If we are trying to unlock the filesystem via an administrative interface… |