CVEs from 2026
Total
14,792
critical
critical 1,335
high
high 5,008
medium
medium 4,832
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25551 | high | 7.8 | 7.8 | 2d ago | Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remot… | |||
| CVE-2026-50209 | high | 7.8 | 7.8 | 3d ago | Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. | |||
| CVE-2026-50207 | high | 7.8 | 7.8 | 3d ago | The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. | |||
| CVE-2026-49189 | high | 7.8 | 7.8 | 3d ago | Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. | |||
| CVE-2026-41859 | high | 7.8 | 7.8 | 3d ago | A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into th… | |||
| CVE-2026-40290 | high | 7.8 | 7.8 | 4d ago | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior … | |||
| CVE-2026-46271 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads… | |||
| CVE-2026-46263 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out o… | |||
| CVE-2026-46260 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 rout… | |||
| CVE-2026-46259 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() acces… | |||
| CVE-2026-46253 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same … | |||
| CVE-2026-8036 | high | 7.8 | 7.8 | 4d ago | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p… | |||
| CVE-2026-40715 | high | 7.8 | 7.8 | 4d ago | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le… | |||
| CVE-2026-24237 | high | 7.8 | 7.8 | 4d ago | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampe… | |||
| CVE-2026-24221 | high | 7.8 | 7.8 | 4d ago | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampe… | |||
| CVE-2026-40619 | high | 7.8 | 7.8 | 5d ago | A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admi… | |||
| CVE-2026-25260 | high | 7.8 | 7.8 | 5d ago | Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. | |||
| CVE-2026-25259 | high | 7.8 | 7.8 | 5d ago | Memory corruption while processing multiple IOCTL command for escape operations. | |||
| CVE-2026-25258 | high | 7.8 | 7.8 | 5d ago | Memory corruption while processing IOCTL calls for escape operations. | |||
| CVE-2026-28580 | high | 7.8 | 7.8 | 5d ago | In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. Use… | |||
| CVE-2026-28577 | high | 7.8 | 7.8 | 5d ago | In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privi… | |||
| CVE-2026-0100 | high | 7.8 | 7.8 | 5d ago | In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User… | |||
| CVE-2026-0099 | high | 7.8 | 7.8 | 5d ago | In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege wit… | |||
| CVE-2026-0098 | high | 7.8 | 7.8 | 5d ago | In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional ex… | |||
| CVE-2026-0096 | high | 7.8 | 7.8 | 5d ago | In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege w… | |||
| CVE-2026-0094 | high | 7.8 | 7.8 | 5d ago | In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalat… | |||
| CVE-2026-0093 | high | 7.8 | 7.8 | 5d ago | In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n… | |||
| CVE-2026-0091 | high | 7.8 | 7.8 | 5d ago | In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execut… | |||
| CVE-2026-0089 | high | 7.8 | 7.8 | 5d ago | In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no a… | |||
| CVE-2026-0088 | high | 7.8 | 7.8 | 5d ago | In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with … | |||
| CVE-2026-0087 | high | 7.8 | 7.8 | 5d ago | In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of p… | |||
| CVE-2026-0078 | high | 7.8 | 7.8 | 5d ago | In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional e… | |||
| CVE-2026-0077 | high | 7.8 | 7.8 | 5d ago | In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with … | |||
| CVE-2026-0076 | high | 7.8 | 7.8 | 5d ago | In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2026-0045 | high | 7.8 | 7.8 | 5d ago | In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no add… | |||
| CVE-2026-0036 | high | 7.8 | 7.8 | 5d ago | In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution priv… | |||
| CVE-2026-0009 | high | 7.8 | 7.8 | 5d ago | In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti… | |||
| CVE-2026-43958 | high | 7.8 | 7.8 | 5d ago | A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulner… | |||
| CVE-2026-0072 | high | 7.8 | 7.8 | 5d ago | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi… | |||
| CVE-2026-8501 | high | 7.8 | 7.8 | 5d ago | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IO… | |||
| CVE-2026-38950 | high | 7.8 | 7.8 | 5d ago | An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.l… | |||
| CVE-2026-10118 | high | 7.8 | 7.8 | 5d ago | A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatte… | |||
| CVE-2026-32325 | high | 7.8 | 7.8 | 6d ago | Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affec… | |||
| CVE-2026-27788 | high | 7.8 | 7.8 | 6d ago | Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can l… | |||
| CVE-2026-20455 | high | 7.8 | 7.8 | 6d ago | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U… | |||
| CVE-2026-46242 | high | 7.8 | 7.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_l… | |||
| CVE-2026-49382 | high | 7.8 | 7.8 | 8d ago | In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin | |||
| CVE-2026-49366 | high | 7.8 | 7.8 | 8d ago | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion | |||
| CVE-2026-45555 | high | 7.8 | 7.8 | 9d ago | Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAn… | |||
| CVE-2026-40528 | high | 7.8 | 7.8 | 9d ago | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memor… | |||
| CVE-2026-9987 | high | 7.8 | 7.8 | 9d ago | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium sec… | |||
| CVE-2026-47333 | high | 7.8 | 7.8 | 9d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification han… | |||
| CVE-2026-47331 | high | 7.8 | 7.8 | 9d ago | Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-fr… | |||
| CVE-2026-44463 | high | 7.8 | 7.8 | 9d ago | Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g.,… | |||
| CVE-2026-49237 | high | 7.8 | 7.8 | 10d ago | An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da… | |||
| CVE-2026-46240 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: … | |||
| CVE-2026-46227 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL The SCTP_SENDALL path in sctp_sendmsg() iterates ep->as… | |||
| CVE-2026-46215 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl b… | |||
| CVE-2026-46210 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, … | |||
| CVE-2026-46209 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-s… | |||
| CVE-2026-46208 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink re… | |||
| CVE-2026-46206 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tp_meter sessions during teardown Prevent tp_meter from starting new sender or receiver sessions after mes… | |||
| CVE-2026-46205 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume … | |||
| CVE-2026-46201 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When xe_dma_buf_init_obj() fails, the attachment from dma_buf_dynami… | |||
| CVE-2026-46197 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds b… | |||
| CVE-2026-46181 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees th… | |||
| CVE-2026-46178 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() Sashiko points out that mlx4_srq_alloc() was not undone during erro… | |||
| CVE-2026-46176 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. Wh… | |||
| CVE-2026-46173 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_… | |||
| CVE-2026-46157 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrent… | |||
| CVE-2026-46145 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to … | |||
| CVE-2026-46129 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info… | |||
| CVE-2026-46120 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: ip6_gre: Use cached t->net in ip6erspan_changelink(). After commit 5e72ce3e3980 ("net: ipv6: Use link netns in newlink() of rtnl_… | |||
| CVE-2026-46117 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing … | |||
| CVE-2026-46116 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'… | |||
| CVE-2026-46112 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold lock… | |||
| CVE-2026-46111 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in create_big_sync Add hci_conn_valid() check in create_big_sync() to detect stale connect… | |||
| CVE-2026-46107 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalance_children. If the internal btree node … | |||
| CVE-2026-46105 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capabilit… | |||
| CVE-2026-45322 | high | 7.8 | 7.8 | 10d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in … | |||
| CVE-2026-44709 | high | 7.8 | 7.8 | 10d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou… | |||
| CVE-2026-7365 | high | 7.8 | 7.8 | 11d ago | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w… | |||
| CVE-2026-46100 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users t… | |||
| CVE-2026-46093 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_l… | |||
| CVE-2026-46090 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback start… | |||
| CVE-2026-46081 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re… | |||
| CVE-2026-46065 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta… | |||
| CVE-2026-46062 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` … | |||
| CVE-2026-46058 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_releas… | |||
| CVE-2026-46053 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If cop… | |||
| CVE-2026-46036 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates o… | |||
| CVE-2026-46015 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: tcp: call sk_data_ready() after listener migration When inet_csk_listen_stop() migrates an established child socket from a closin… | |||
| CVE-2026-46011 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release() function frees the context str… | |||
| CVE-2026-46006 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau_gem_pushbuf_reloc_apply() validates each relocation with … | |||
| CVE-2026-45991 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a h… | |||
| CVE-2026-3623 | high | 7.8 | 7.8 | 11d ago | IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker c… | |||
| CVE-2026-45984 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2… | |||
| CVE-2026-45980 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2_release_resource() Running jobs on a hardware context while it is in the process o… | |||
| CVE-2026-45970 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down The ALB RX path may access rx_hashtbl concurrently with bond teardown. … | |||
| CVE-2026-45959 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned wit… |