CVEs from 2026
Total
14,786
critical
critical 1,335
high
high 5,004
medium
medium 4,828
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35340 | medium | 5.5 | 5.5 | 2mo ago | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the l… | |||
| CVE-2026-35339 | medium | 5.5 | 5.5 | 2mo ago | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure o… | |||
| CVE-2026-6862 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an … | |||
| CVE-2026-31529 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __construct_region() Failing the first sysfs_update_group() needs to explicitly kfree the resource as … | |||
| CVE-2026-31526 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock checking for subprogs process_bpf_exit_full() passes check_lock = !curframe to check_resource_leak()… | |||
| CVE-2026-31524 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-al… | |||
| CVE-2026-31522 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory leak in magicmouse_report_fixup() The magicmouse_report_fixup() function was returning a newly kmem… | |||
| CVE-2026-31521 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol st_shndx is out of bounds The module loader doesn't check for bounds of the ELF section in… | |||
| CVE-2026-31520 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated… | |||
| CVE-2026-31519 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create We have recently observed a number of subvolumes with broken dentries. … | |||
| CVE-2026-31518 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, esp_output_tail_tcp will return an error… | |||
| CVE-2026-31517 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly In iptfs_reassem_cont(), IP-TFS attempts to append data to t… | |||
| CVE-2026-31515 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate() syzbot was able to trigger a crash in skb_put() [1] Issue is that pfkey_send_m… | |||
| CVE-2026-31514 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfs_iocb_iter_read(). However, … | |||
| CVE-2026-31512 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() l2cap_ecred_data_rcv() reads the SDU le… | |||
| CVE-2026-31510 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb Before using sk pointer, check if it is null. Fix the following: K… | |||
| CVE-2026-31509 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nci_close_device nci_close_device() flushes rx_wq and tx_wq while holding req_lock. … | |||
| CVE-2026-31503 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udp_sock to a local address and port, UDP uses two hashes (… | |||
| CVE-2026-31499 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() l2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer and id_a… | |||
| CVE-2026-31498 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop l2cap_config_req() processes CONFIG_REQ for channels in BT_CONN… | |||
| CVE-2026-31497 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusb_work() maps the number of active SCO links to USB alternate settings t… | |||
| CVE-2026-31496 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Si… | |||
| CVE-2026-31495 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlink policy range checks Replace manual range and mask validations with netlink policy annotations i… | |||
| CVE-2026-31492 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp completion before using it In irdma_create_qp, if ib_copy_to_udata fails, it will call irdma_destr… | |||
| CVE-2026-31491 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calculation functions An issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size. This can cau… | |||
| CVE-2026-31487 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is c… | |||
| CVE-2026-31483 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but d… | |||
| CVE-2026-31482 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"), all entry handlers … | |||
| CVE-2026-31481 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data c… | |||
| CVE-2026-31480 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 … | |||
| CVE-2026-31472 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot_len and ihl fields pa… | |||
| CVE-2026-31465 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB_I_NO_DATA_INTEGRITY superblock flag for fi… | |||
| CVE-2026-31462 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PASID reuse case PASID resue could cause interrupt issue when process immediately runs into hw stat… | |||
| CVE-2026-31461 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid leak in amdgpu_dm [WHAT] When a sink is connected, aconnector->drm_edid was overwritten without fre… | |||
| CVE-2026-31460 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_caps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointe… | |||
| CVE-2026-31459 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Patch series "mm/damon/sysfs: fix memory leak and NULL d… | |||
| CVE-2026-31458 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] with… | |||
| CVE-2026-31457 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_… | |||
| CVE-2026-31451 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline… | |||
| CVE-2026-31445 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damon_call() is online DAMON parameters update. It … | |||
| CVE-2026-31443 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, … | |||
| CVE-2026-31441 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak when a wq is reset idxd_wq_disable_cleanup() which is called from the reset path for a workqueue… | |||
| CVE-2026-31440 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration re… | |||
| CVE-2026-31439 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the … | |||
| CVE-2026-31438 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a… | |||
| CVE-2026-31437 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry When a write subrequest is marked NETFS_SREQ_NEED_RETRY,… | |||
| CVE-2026-31434 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub… | |||
| CVE-2026-6844 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable … | |||
| CVE-2026-6843 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application … | |||
| CVE-2026-22748 | medium | — | 5.5 | 2mo ago | Spring Security has Potential Security Misconfiguration when Using withIssuerLocation | |||
| CVE-2026-22747 | medium | — | 5.5 | 2mo ago | Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates | |||
| CVE-2026-40608 | medium | 5.5 | 5.5 | 2mo ago | Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, … | |||
| CVE-2026-3219 | medium | — | 5.5 | 2mo ago | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as ins… | |||
| CVE-2026-6369 | medium | 5.5 | 5.5 | 2mo ago | An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sen… | |||
| CVE-2026-31429 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 va… | |||
| CVE-2026-40881 | medium | — | 5.5 | 2mo ago | Zebra: addr/addrv2 Deserialization Resource Exhaustion | |||
| CVE-2026-28741 | medium | — | 5.5 | 2mo ago | Mattermost doesn't validate CSRF tokens on an authentication endpoint | |||
| CVE-2026-3590 | medium | — | 5.5 | 2mo ago | Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement | |||
| CVE-2026-40919 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacke… | |||
| CVE-2026-40918 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bou… | |||
| CVE-2026-40916 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM… | |||
| CVE-2026-41062 | medium | — | 5.5 | 2mo ago | WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters | |||
| CVE-2026-40091 | medium | — | 5.5 | 2mo ago | SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs | |||
| CVE-2026-25133 | medium | — | 5.5 | 2mo ago | October Rain has Stored XSS via SVG Filter Bypass | |||
| CVE-2026-25125 | medium | — | 5.5 | 2mo ago | October Rain has Environment Variable Exfiltration via INI Parser Interpolation | |||
| CVE-2026-40311 | medium | — | 5.5 | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash… | |||
| CVE-2026-33103 | medium | 5.5 | 5.5 | 2mo ago | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32181 | medium | 5.5 | 5.5 | 2mo ago | Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | |||
| CVE-2026-32214 | medium | 5.5 | 5.5 | 2mo ago | Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32084 | medium | 5.5 | 5.5 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32079 | medium | 5.5 | 5.5 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | |||
| CVE-2026-27930 | medium | 5.5 | 5.5 | 2mo ago | Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-20806 | medium | 5.5 | 5.5 | 2mo ago | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32212 | medium | 5.5 | 5.5 | 2mo ago | Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32218 | medium | 5.5 | 5.5 | 2mo ago | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32217 | medium | 5.5 | 5.5 | 2mo ago | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32216 | medium | 5.5 | 5.5 | 2mo ago | Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. | |||
| CVE-2026-32215 | medium | 5.5 | 5.5 | 2mo ago | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32085 | medium | 5.5 | 5.5 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32081 | medium | 5.5 | 5.5 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | |||
| CVE-2026-27931 | medium | 5.5 | 5.5 | 2mo ago | Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-31428 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_… | |||
| CVE-2026-31427 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr … | |||
| CVE-2026-31425 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c… | |||
| CVE-2026-31424 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says: xt_match and xt_target… | |||
| CVE-2026-31423 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. … | |||
| CVE-2026-31422 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle t… | |||
| CVE-2026-31421 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and der… | |||
| CVE-2026-31420 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied… | |||
| CVE-2026-31418 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops t… | |||
| CVE-2026-31416 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for t… | |||
| CVE-2026-31415 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : <quote> I believe I found a locally triggerable kernel b… | |||
| CVE-2026-31412 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()… | |||
| CVE-2026-34500 | medium | — | 5.5 | 2mo ago | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20… | |||
| CVE-2026-24661 | medium | — | 5.5 | 2mo ago | Mattermost MS Teams plugin doesn't limit the request body size on the /changes webhook endpoint | |||
| CVE-2026-32591 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the spec… | |||
| CVE-2026-31411 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc… | |||
| CVE-2026-28264 | medium | 5.5 | 5.5 | 2mo ago | Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potenti… | |||
| CVE-2026-39413 | medium | — | 5.5 | 2mo ago | lightrag-hku: JWT Algorithm Confusion Vulnerability | |||
| CVE-2026-5745 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL … |