CVEs from 2026
Total
14,797
critical
critical 1,335
high
high 5,010
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31731 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Address thermal zone removal races with resume Since thermal_zone_pm_complete() and thermal_zone_device_resume() r… | |||
| CVE-2026-31730 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx->remote_heap fastrpc_init_create_static_process() may free cctx->remote_heap on the e… | |||
| CVE-2026-31729 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common() The connector number extracted from CCI via UCSI_CCI_CONNECTO… | |||
| CVE-2026-31720 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variabl… | |||
| CVE-2026-31716 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec->used in journal-replay file record check check_file_record() validates rec->total against the record size… | |||
| CVE-2026-31715 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both … | |||
| CVE-2026-31703 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_switch_wbs_work_fn() inode_switch_wbs_work_fn() has a loop like: wb_get(new_wb); whil… | |||
| CVE-2026-31702 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can br… | |||
| CVE-2026-31700 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr point… | |||
| CVE-2026-31696 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key… | |||
| CVE-2026-31695 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` f… | |||
| CVE-2026-31694 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-control… | |||
| CVE-2026-7584 | high | 7.8 | 7.8 | 1mo ago | The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted… | |||
| CVE-2026-5656 | high | 7.8 | 7.8 | 1mo ago | Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | |||
| CVE-2026-5405 | high | 7.8 | 7.8 | 1mo ago | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | |||
| CVE-2026-5403 | high | 7.8 | 7.8 | 1mo ago | SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | |||
| CVE-2026-6389 | high | 7.8 | 7.8 | 1mo ago | IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An a… | |||
| CVE-2026-33451 | high | 7.8 | 7.8 | 1mo ago | CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and … | |||
| CVE-2026-31693 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code wher… | |||
| CVE-2026-31787 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. W… | |||
| CVE-2026-31786 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL t… | |||
| CVE-2026-39457 | high | 7.8 | 7.8 | 1mo ago | When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size l… | |||
| CVE-2026-7270 | high | 7.8 | 7.8 | 1mo ago | An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by… | |||
| CVE-2026-4775 | high | 7.8 | 7.8 | 1mo ago | RHSA-2026:20585: compat-libtiff3 security update (Important) | |||
| CVE-2026-30769 | high | 7.8 | 7.8 | 1mo ago | An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests. | |||
| CVE-2026-41952 | high | 7.8 | 7.8 | 1mo ago | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) … | |||
| CVE-2026-41220 | high | 7.8 | 7.8 | 1mo ago | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) … | |||
| CVE-2026-42432 | high | 7.8 | 7.8 | 1mo ago | OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement | |||
| CVE-2026-41396 | high | 7.8 | 7.8 | 1mo ago | OpenClaw: Workspace `.env` can override the bundled plugin trust root | |||
| CVE-2026-41387 | high | 7.8 | 7.8 | 1mo ago | OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides | |||
| CVE-2026-41384 | high | 7.8 | 7.8 | 1mo ago | OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config | |||
| CVE-2026-7279 | high | 7.8 | 7.8 | 1mo ago | AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code executio… | |||
| CVE-2026-41526 | high | 7.8 | 7.8 | 1mo ago | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading … | |||
| CVE-2026-32655 | high | 7.8 | 7.8 | 1mo ago | Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnera… | |||
| CVE-2026-31690 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driv… | |||
| CVE-2026-31688 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site … | |||
| CVE-2026-31686 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not a… | |||
| CVE-2026-25908 | high | 7.8 | 7.8 | 1mo ago | Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potenti… | |||
| CVE-2026-5943 | high | 7.8 | 7.8 | 1mo ago | Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not pro… | |||
| CVE-2026-40048 | high | 7.8 | 7.8 | 1mo ago | Camel-PQC Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-34003 | high | 7.8 | 7.8 | 1mo ago | A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerabi… | |||
| CVE-2026-33999 | high | 7.8 | 7.8 | 1mo ago | A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger … | |||
| CVE-2026-34001 | high | 7.8 | 7.8 | 1mo ago | A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to… | |||
| CVE-2026-7039 | high | 7.8 | 7.8 | 1mo ago | A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description l… | |||
| CVE-2026-31683 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing… | |||
| CVE-2026-31680 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until RCU teardown `ip6fl_seq_show()` walks the global flowlabel hash under the… | |||
| CVE-2026-31678 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already detached … | |||
| CVE-2026-31675 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_netem: fix out-of-bounds access in packet corruption In netem_enqueue(), the packet corruption logic uses get_rand… | |||
| CVE-2026-31673 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock Exact UNIX diag lookups hold a reference to the socket, but not to u->path… | |||
| CVE-2026-42171 | high | 7.8 | 7.8 | 1mo ago | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTe… | |||
| CVE-2026-41477 | high | 7.8 | 7.8 | 1mo ago | Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes pr… | |||
| CVE-2026-31667 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered repro… | |||
| CVE-2026-31666 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() After commit 1618aa3c2e01 ("btrfs: simplify ret… | |||
| CVE-2026-31665 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix use-after-free in timeout object destroy nft_ct_timeout_obj_destroy() frees the timeout object with kfree(… | |||
| CVE-2026-31663 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_finish NF_HOOK After async crypto completes, xfrm_input_resume() calls dev_put() immedia… | |||
| CVE-2026-31656 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat A use-after-free / refcount underflow is possible when the hea… | |||
| CVE-2026-31652 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damon_call() failure leaking damon_ctx damon_stat_start() always allocates the module's damon_ctx objec… | |||
| CVE-2026-31650 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its … | |||
| CVE-2026-31648 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() When running stress-ng on my Arm64 machine with v7.0-rc3 ke… | |||
| CVE-2026-31644 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() When lan966x_fdma_reload() fails to allocate new RX buffers, t… | |||
| CVE-2026-31641 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the X… | |||
| CVE-2026-31630 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AF_RXRPC procfs helpers format local and remote socket addresses into fix… | |||
| CVE-2026-31627 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it shou… | |||
| CVE-2026-31602 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256 playback streams, but… | |||
| CVE-2026-31597 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY filemap_fault() may drop the mmap_lock before returning VM_FAULT_R… | |||
| CVE-2026-31587 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplolog… | |||
| CVE-2026-31586 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() cgwb_release_workfn() calls css_put(wb->blkcg_css) and then later acc… | |||
| CVE-2026-31584 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix use-after-free in encoder release path The fops_vcodec_release() function frees the context structur… | |||
| CVE-2026-31583 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-free in em28xx_v4l2_open() em28xx_v4l2_open() reads dev->v4l2 without holding dev->lock, creating a … | |||
| CVE-2026-31582 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect After powerz_disconnect() frees the URB and releases the mutex, a subsequent… | |||
| CVE-2026-31581 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6fire_chip_abort(), the chip struct is allocated as the card's private data (… | |||
| CVE-2026-31580 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio use-after-free and crash In our production environment, we have received multiple crash reports reg… | |||
| CVE-2026-31578 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free memory after the device is registered in as102_usb_probe() In as102_usb driver, the following race … | |||
| CVE-2026-31576 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrf_probe() In hackrf driver, the following race condi… | |||
| CVE-2026-31566 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib amdgpu_amdkfd_submit_ib() submits a GPU job and gets a fence fro… | |||
| CVE-2026-31554 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: futex: Require sys_futex_requeue() to have identical flags Nicholas reported that his LLM found it was possible to create a UaF w… | |||
| CVE-2026-31548 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down When the nl80211 socket that originated a PMSR request is closed, … | |||
| CVE-2026-31541 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates When the "copy_trace_marker" option is enabled for an instance, anything written… | |||
| CVE-2026-41336 | high | 7.8 | 7.8 | 2mo ago | OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code | |||
| CVE-2026-41206 | high | 7.8 | 7.8 | 2mo ago | PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code | |||
| CVE-2026-32679 | high | 7.8 | 7.8 | 2mo ago | The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCam… | |||
| CVE-2026-41134 | high | 7.8 | 7.8 | 2mo ago | Kiota: Code Generation Literal Injection | |||
| CVE-2026-31530 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep() cxl_detach_ep() is called during bottom-up removal when all CXL me… | |||
| CVE-2026-31528 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->pmu for groups Oliver reported that x86_pmu_del() ended up doing an out-of-bound memory access wh… | |||
| CVE-2026-31527 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' mat… | |||
| CVE-2026-31525 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division and modulo handlers… | |||
| CVE-2026-31516 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.work from racing with netns teardown A XFRM_MSG_NEWSPDINFO request can queue the per-net work item p… | |||
| CVE-2026-31511 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending… | |||
| CVE-2026-31508 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown co… | |||
| CVE-2026-31507 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer smc_rx_splice() allocates one smc_spd_priv per … | |||
| CVE-2026-31506 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devr… | |||
| CVE-2026-31505 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the v… | |||
| CVE-2026-31504 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() via NETDEV_UP race `packet_release()` has a race window where `NETDEV_UP` can re-register… | |||
| CVE-2026-31502 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confusion with non-Ethernet ports Similar to commit 950803f72547 ("bonding: fix type confusion in bond_… | |||
| CVE-2026-31500 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock btintel_hw_error() issues two __hci_cmd_sync() calls (HCI… | |||
| CVE-2026-31494 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the… | |||
| CVE-2026-31493 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we p… | |||
| CVE-2026-31490 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xe_sriov_pf_migration_restore_produce(), the da… | |||
| CVE-2026-31489 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(),… | |||
| CVE-2026-31488 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 ("drm/amd/display: Add ds… |